skill-improver
Pass
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: SAFE
PROMPT_INJECTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill methodology is susceptible to indirect prompt injection as it processes external data from SKILL.md files using high-capability tools.
  - Ingestion points: Content is ingested through the 'Read', 'Glob', and 'Grep' tools during the review and fix phases.
  - Boundary markers: The instructions do not define delimiters or specific 'ignore instructions' warnings for the content being processed, which may allow embedded malicious instructions to influence agent behavior.
  - Capability inventory: The skill is authorized to use 'Task', 'Edit', and 'Write' tools, which could be exploited to execute commands or modify local files.
  - Sanitization: No sanitization or validation of the reviewed skill content is specified before the agent performs fix operations.
- [EXTERNAL_DOWNLOADS]: The skill documentation references the 'plugin-dev' plugin and 'skill-reviewer' agent from the official Trail of Bits repository. These are recognized as trusted vendor resources.
- [COMMAND_EXECUTION]: The skill is permitted to use the 'Task' tool to facilitate automated review cycles. This usage is consistent with the skill's primary objective of skill improvement.