skill-tuner
Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is designed to capture arbitrary user feedback and apply it as additional constraints to all future skill runs. This creates a persistent indirect prompt injection surface where a single malicious instruction could permanently compromise the agent's behavior across multiple tasks.
- [PROMPT_INJECTION]: Mandatory Indirect Prompt Injection Analysis: (1) Ingestion points: User feedback strings captured via natural language triggers (e.g., 'Always...', 'From now on...') after any skill execution. (2) Boundary markers: Absent; instructions are stored and then applied 'silently' as additional constraints without any delimiters or 'ignore embedded instructions' warnings to the model. (3) Capability inventory: File system read/write access to project directories (e.g., .skill-tuner/) and broad influence over the prompt context of all other active skills. (4) Sanitization: Absent; the skill captures user input directly and appends it to storage files without verification, validation, or safety filtering.
Audit Metadata