build-loop-cursor
Pass
Audited by Gen Agent Trust Hub on Jun 16, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides high-level instructions for managing software development tasks. It uses standard development tools and practices such as running tests and performing code reviews.
- [PROMPT_INJECTION]: The skill processes untrusted data from external sources including plan files (roadmaps, task lists) and user prompts. While this creates a potential surface for indirect prompt injection, the instructions are limited to technical implementation and verification steps.
- Ingestion points: Plan files (roadmap, refactor plan, task list), specification documents, and user prompts (SKILL.md).
- Boundary markers: None explicitly defined for isolating plan content or prompt data.
- Capability inventory: Implementation of code changes, execution of the Cursor
/reviewcommand, running project test suites, and running the application (SKILL.md). - Sanitization: No explicit sanitization or validation of the input data is described.
Audit Metadata