ulw-loop

Warn

Audited by Gen Agent Trust Hub on Jun 23, 2026

Risk Level: MEDIUM | COMMAND_EXECUTION | PROMPT_INJECTION | EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The bootstrap logic in references/full-workflow.md executes a shell script that searches for and aliases a JavaScript executable from local paths such as plugin caches. This dynamic execution of scripts from variable local directories is a security risk.
  • [PROMPT_INJECTION]: The skill is susceptible to command injection through the user-provided 'brief' parameter. Because this input is interpolated directly into a shell command line (omo ulw-loop create-goals --brief "<brief>"), a malicious user could execute arbitrary code by including shell metacharacters in their request.
  • [EXTERNAL_DOWNLOADS]: The instructions recommend installing the 'lazycodex-ai' package via npx, which executes code from an unverified third-party registry.
  • [PROMPT_INJECTION]: The skill lacks sanitization for user input used in sub-agent orchestration. The 'brief' data is passed into the messages of spawned agents, creating a risk for indirect prompt injection where a user can manipulate the behavior of child agents.
  • [SAFE]: The skill references 'agent-browser' from Vercel Labs' GitHub repository, which is considered a trusted source.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Jun 23, 2026, 11:38 AM