loop

Pass

Audited by Gen Agent Trust Hub on Jun 16, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface because it ingests untrusted user-defined tasks to drive its iterative logic without employing boundary markers to isolate the instructions.
  • Ingestion points: User-provided task descriptions supplied via the /loop command or natural language triggers like "iterate until done" (SKILL.md).
  • Boundary markers: Absent. The skill does not instruct the agent to use delimiters or specific tags to encapsulate the user-defined goals.
  • Capability inventory: The skill is documented to use Bash, Edit, and Write tools to perform implementation attempts (SKILL.md).
  • Sanitization: Absent. There is no evidence of validation or escaping for the content within the task descriptions.
  • [COMMAND_EXECUTION]: The skill instructions explicitly direct the agent to utilize shell commands and custom CLI tools to achieve its goals.
  • Evidence: Use of the Bash tool for implementation steps and the ralph gates command for quality validation (SKILL.md).
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 16, 2026, 02:28 PM
Security Audit — agent-trust-hub — loop