loop-fixer
Pass
Audited by Gen Agent Trust Hub on Apr 6, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill instructs the agent to suppress user interaction and automatically bypass human review when a specific failure threshold is reached. Evidence: Multiple directives stating 'NEVER ask user' when the fix cycle count reaches 5.
- [COMMAND_EXECUTION]: The skill possesses an indirect prompt injection surface by ingesting and acting upon instructions from external evaluation reports to modify code and execute build checks.
- Ingestion points: Evaluation reports from referenced files.
- Boundary markers: Absent; the skill does not use delimiters or warnings to ignore embedded instructions in the ingested data.
- Capability inventory: File system read/write access and shell command execution for implementing fixes and verifying builds.
- Sanitization: Absent; the skill extracts instructions directly from the report and translates them into actionable tasks without validation.
Audit Metadata