evolving-loop

Warn

Audited by Gen Agent Trust Hub on Mar 25, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [DYNAMIC_EXECUTION]: The skill generates and executes code at runtime. The 'GENERATE' phase creates new skill files in '.self-evolving-loop/generated-skills/' which are subsequently executed during the 'EXECUTE' phase. This allows the agent to evolve its own executable logic.
  • [COMMAND_EXECUTION]: The skill invokes shell commands such as 'mkdir' and 'rm -rf' to manage its internal state and vendor-specific memory directories ('.claude/memory'). The '--force' flag triggers a recursive deletion of generated files.
  • [INDIRECT_PROMPT_INJECTION]: The skill processes user-provided task descriptions through the $ARGUMENTS variable, which is interpolated directly into the 'evolving-orchestrator' prompt without sanitization. This input influences the dynamic code generation process in subsequent phases.
  • [INDIRECT_PROMPT_INJECTION_EVIDENCE]:
    1. Ingestion point: SKILL.md (via $ARGUMENTS).
    2. Boundary markers: Absent in the orchestrator task prompt.
    3. Capability inventory: Shell command execution and dynamic skill generation/execution.
    4. Sanitization: No sanitization or validation of user input is performed before interpolation.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 25, 2026, 01:14 PM
Security Audit — agent-trust-hub — evolving-loop