cekura-self-improving-agent
Use when the user asks to "improve my agent", "self-improving agent", "auto-tune my agent", "iterate on my agent prompt", "fix my agent based on test results", "close the loop on agent quality", "auto-improve agent prompt", "use eval results to improve agent", "optimize my prompt based on failures", "rewrite my prompt", or describes agent self-improvement, prompt iteration from run results, or automated agent quality loops. Covers the full diagnose → propose → apply → re-validate loop for VAPI agents (squads + tool definitions) and for self-hosted agents (custom websocket servers, including the offline / pasted-prompt degenerate variant).
59
68%
Does it follow best practices?
Impact
—
No eval scenarios have been run
Advisory
Suggest reviewing before use
Optimize this skill with Tessl
npx tessl skill review --optimize ./cekura/skills/cekura-self-improving-agent/SKILL.mdSecurity
1 medium severity finding. This skill can be installed but you should review these findings before use.
W011: Third-party content exposure detected (indirect prompt injection risk)
What this means
The skill exposes the agent to untrusted, user-generated content from public third-party sources, creating a risk of indirect prompt injection. This includes browsing arbitrary URLs, reading social media posts or forum comments, and analyzing content from unknown websites.
Why it was flagged
Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and ingests user-run transcripts and call logs from the platform (phases/optimization/collect.md — via results_retrieve / runs_bulk_retrieve and agents/fetch_failures.py) and the Diagnose/Eval phases read and act on those failing transcripts to propose and (in auto_mode) apply prompt/tool/code edits, so untrusted user-generated content can materially influence tool use and next actions.
- Repository
- cekura-ai/cekura-skills
- Commit
24ad1d0
- Audited
- Security analysis
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.