backpropagate-specs

Pass

Audited by Gen Agent Trust Hub on Jun 20, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to run a local utility script using python3 bin/loop-factory backprop --agent codex. This is standard behavior for a development-focused skill and involves scripts located within the project's own directory structure.
  • [PROMPT_INJECTION]: There is a potential surface for indirect prompt injection as the skill reads content from a generated file at factory/prompts/backprop.codex.md.
  • Ingestion points: factory/prompts/backprop.codex.md is loaded into the agent's context as part of the workflow.
  • Boundary markers: No explicit boundary markers or 'ignore' instructions are used to wrap the file content.
  • Capability inventory: The skill has the capability to execute local commands and read/write project files.
  • Sanitization: No sanitization of the input file content is mentioned.
  • Risk Mitigation: The workflow explicitly instructs the user to 'Read generated prompt' and 'Inspect git diff directly', ensuring human-in-the-loop verification of the data before it influences further actions.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 20, 2026, 05:01 PM
Security Audit — agent-trust-hub — backpropagate-specs