anneal
Warn
Audited by Gen Agent Trust Hub on Jun 21, 2026
Risk Level: MEDIUMPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill contains explicit instructions to override the agent's internal reasoning and safety assessments regarding task completion. The 'The Iron Law' and 'Preventing Premature Exit' sections use aggressive language to force continued operation regardless of the agent's evaluation. Examples include: 'YOU DO NOT DECIDE WHEN THE WORK IS DONE. THE CLOCK DECIDES.', 'You have zero authority to judge completeness', and identifying the thought 'The codebase looks clean enough' as a 'trap' to be ignored. This forces the agent to bypass standard stopping heuristics.
- [COMMAND_EXECUTION]: The skill's 'Safety Protocol' and 'Subagent Prompt' instruct the agent to 'Run the test suite' before and after every modification. This constitutes arbitrary command execution of the local project's testing scripts (e.g., npm test, pytest) within the user's environment.
- [DATA_EXFILTRATION]: The skill possesses an indirect prompt injection surface (Category 8). It ingests untrusted data from the codebase to 'find the highest-impact slop instance'. This content is processed by subagents with the capability to edit files and execute code (test suites). The instructions lack boundary markers or sanitization to prevent malicious instructions embedded in the codebase from influencing the agent's actions.
Audit Metadata