iterate
Warn
Audited by Gen Agent Trust Hub on May 18, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the
Bashtool to execute user-defined or agent-inferred commands for performance metrics and regression testing. - [COMMAND_EXECUTION]: The instructions explicitly tell the agent to suppress user oversight and confirmation: "NEVER ask 'should I continue?'
- just keep going. The user may be asleep." This directive bypasses standard human-in-the-loop (HITL) safety protocols, allowing the agent to execute shell commands indefinitely without supervision.
- [PROMPT_INJECTION]: The skill presents a high risk surface for indirect prompt injection as it is instructed to ingest and follow instructions derived from untrusted codebase content.
- Ingestion points: Step 2 of the Preflight phase requires the agent to "Read all in-scope files" and "Understand the codebase before touching anything."
- Boundary markers: Absent. There are no instructions to use delimiters or to disregard commands embedded within the code files it analyzes.
- Capability inventory: The skill utilizes high-privilege tools including
Bash,Write,Edit, andAgent(which allows the creation of sub-agents). - Sanitization: Absent. The skill does not provide mechanisms to escape or validate external content before it influences the agent's planning and execution logic.
Audit Metadata