skill-evolution
Pass
Audited by Gen Agent Trust Hub on Apr 15, 2026
Risk Level: SAFE PROMPT_INJECTION COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill implements an "auto-evolution" mechanism that modifies skill templates based on user edit patterns. This creates a surface for Indirect Prompt Injection (Category 8).
  - Ingestion points: User edits are collected via PostTool hooks and stored in `.claude/feedback/edit-patterns.jsonl` (referenced in SKILL.md and pattern-detection-heuristics.md).
  - Boundary markers: Absent. The system matches regex patterns against raw user edits without delimiters or instructions to ignore embedded instructions.
  - Capability inventory: The skill uses `Write` and `Edit` tools to modify skill files and executes shell scripts in `.claude/scripts/` (referenced in evolution-commands.md).
  - Sanitization: Absent. The logic focuses on pattern frequency and confidence rather than content sanitization before modifying skill instructions.
- [COMMAND_EXECUTION]: The skill's implementation relies on external shell scripts (e.g., `evolution-engine.sh`, `version-manager.sh`) located in the project's hidden directory (`.claude/scripts/`). These scripts perform file operations and version management but are not provided in the skill bundle for security verification.
- [COMMAND_EXECUTION]: Implementation subcommands interpolate shell variables like `$SKILL_ID` and `$VERSION` directly into command strings. If these values are derived from untrusted inputs or malformed filenames, they could potentially lead to command injection.
Audit Metadata