improve

Pass

Audited by Gen Agent Trust Hub on Mar 30, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to execute shell commands for directory management and file operations.
    • Evidence: Commands such as mkdir -p eval/experiments/<name> and cp skills/<name>/SKILL.md are used during the setup and promotion phases, involving variable interpolation of skill names.
  • [PROMPT_INJECTION]: The skill processes untrusted instructions from external files, creating a surface for indirect prompt injection.
    • Ingestion points: skills/<name>/SKILL.md and related markdown files are read into the agent's context for diagnosis and improvement.
    • Boundary markers: Absent; there are no specified delimiters to isolate the content being improved from the improver's logic.
    • Capability inventory: The skill has the ability to read and write to the local filesystem and execute shell commands.
    • Sanitization: Absent; the skill relies on the LLM's reasoning capabilities to process and modify instructions without prior validation.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 30, 2026, 02:21 AM