iterate

Warn

Audited by Gen Agent Trust Hub on May 18, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to execute user-defined or agent-inferred commands for performance metrics and regression testing.
  • [COMMAND_EXECUTION]: The instructions explicitly tell the agent to suppress user oversight and confirmation: "NEVER ask 'should I continue?'
  • just keep going. The user may be asleep." This directive bypasses standard human-in-the-loop (HITL) safety protocols, allowing the agent to execute shell commands indefinitely without supervision.
  • [PROMPT_INJECTION]: The skill presents a high risk surface for indirect prompt injection as it is instructed to ingest and follow instructions derived from untrusted codebase content.
  • Ingestion points: Step 2 of the Preflight phase requires the agent to "Read all in-scope files" and "Understand the codebase before touching anything."
  • Boundary markers: Absent. There are no instructions to use delimiters or to disregard commands embedded within the code files it analyzes.
  • Capability inventory: The skill utilizes high-privilege tools including Bash, Write, Edit, and Agent (which allows the creation of sub-agents).
  • Sanitization: Absent. The skill does not provide mechanisms to escape or validate external content before it influences the agent's planning and execution logic.
Audit Metadata
Risk Level
MEDIUM
Analyzed
May 18, 2026, 04:51 PM
Security Audit — agent-trust-hub — iterate