fix-loop
Pass
Audited by Gen Agent Trust Hub on May 16, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes shell commands to determine scope (
git diff) and perform baseline testing. In Step 2, it identifies and runs 'canonical verification commands' from project files like READMEs, Makefiles, or build scripts. This allows the execution of arbitrary commands found within the target repository. - [PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection (Category 8).
- Ingestion points: Reads project documentation (README, CONTRIBUTING), build scripts, and source code.
- Boundary markers: None present; the agent is instructed to find and execute commands directly from these sources.
- Capability inventory: Executes shell commands via subprocess/agent tools based on information extracted from the ingested files.
- Sanitization: No validation or sanitization of the extracted commands is performed before execution. An attacker could place malicious commands in a README that the agent would then execute as a 'verification step'.
Audit Metadata