improve

Pass

Audited by Gen Agent Trust Hub on Mar 30, 2026

Risk Level: SAFE
[COMMAND_EXECUTION] [DATA_EXFILTRATION] [PROMPT_INJECTION]
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses shell commands like mkdir and cp to create an evaluation environment and back up original skill files. These operations are limited to local directory management.
  • [DATA_EXFILTRATION]: The skill reads existing markdown files and project documentation (CLAUDE.md) from the local filesystem to perform its analysis. It does not perform any network operations or send data to external servers.
  • [PROMPT_INJECTION]: The skill processes other markdown-based skill definitions to identify improvements. This creates a surface for indirect prompt injection where untrusted data (target skills) enters the agent context.
      * Ingestion points: skills/<name>/SKILL.md
      * Boundary markers: Absent; no explicit delimiters are used to separate target skill content from improvement logic.
      * Capability inventory: Filesystem operations (mkdir, cp, write) are used across the evaluation and promotion phases.
      * Sanitization: Absent; the skill relies on internal reasoning and manual user approval to validate changes.
    The risk is mitigated by the structured evaluation process and the requirement for manual user approval before any changes are committed.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 30, 2026, 02:21 AM