ulw-loop

Pass

Audited by Gen Agent Trust Hub on Jun 27, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill relies on executing a variety of shell commands and tools, including the omo CLI, curl, tmux, node, playwright, and OS-level automation tools. The bootstrap process includes a script that dynamically searches for a JavaScript CLI entry point (cli.js) within a plugin cache directory ($CODEX_HOME/plugins/cache/sisyphuslabs/omo/*/components/ultragoal/dist/cli.js) and executes it using Node.js. The skill automates complex system interactions across multiple Manual-QA channels, such as HTTP calls and browser automation.
  • [EXTERNAL_DOWNLOADS]: The documentation suggests installing the core tool using 'bunx omo install --platform=codex', which downloads and executes a package from a remote registry.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it ingests untrusted user data via a 'brief' which is then processed to generate actionable goals and success criteria.
  • Ingestion points: User-provided brief passed to omo ultragoal create-goals in SKILL.md.
  • Boundary markers: No explicit delimiters or instructions are used to isolate the brief content from the agent's logic during interpolation.
  • Capability inventory: The skill can execute shell commands, perform network requests, and control browser/OS-level interfaces via the Manual-QA channels described in SKILL.md.
  • Sanitization: No input validation or sanitization of the brief's content is described before it is used to drive the orchestration loop.
Audit Metadata
Risk Level: SAFE
Analyzed: Jun 27, 2026, 02:20 PM
Security Audit — agent-trust-hub — ulw-loop