loop-engineering
Pass
Audited by Gen Agent Trust Hub on Jul 5, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill implements an orchestration loop (the "Grill") that ingests goals, success criteria, and context files from the execution environment. This architecture creates an entry point for indirect prompt injection, where malicious instructions hidden in data or files could influence the agent's logic.
- Ingestion points: The orchestration process gathers user-provided goals, success criteria, and file paths (context files) to initialize the loop.
- Boundary markers: The skill does not define delimiters or specific instructions for the agent to distinguish between the framework's commands and potentially malicious instructions within the ingested context.
- Capability inventory: The skill is designed to execute shell commands (
successCommand), read files/directories, and coordinate multiple specialized agents (fixer, designer, explorer, librarian). - Sanitization: No validation or sanitization mechanisms are described for the execution of the
successCommandor the processing of context files. - [COMMAND_EXECUTION]: The framework explicitly supports and requests the execution of shell commands via the
successCommandparameter for CLI-based verification steps. - Evidence: The 'Grill' section prompts for a
successCommandwhen the success type is set tocommandor CLI steps.
Audit Metadata