loop
Pass
Audited by Gen Agent Trust Hub on Jun 16, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface because it ingests untrusted user-defined tasks to drive its iterative logic without employing boundary markers to isolate the instructions.
- Ingestion points: User-provided task descriptions supplied via the
/loopcommand or natural language triggers like "iterate until done" (SKILL.md). - Boundary markers: Absent. The skill does not instruct the agent to use delimiters or specific tags to encapsulate the user-defined goals.
- Capability inventory: The skill is documented to use
Bash,Edit, andWritetools to perform implementation attempts (SKILL.md). - Sanitization: Absent. There is no evidence of validation or escaping for the content within the task descriptions.
- [COMMAND_EXECUTION]: The skill instructions explicitly direct the agent to utilize shell commands and custom CLI tools to achieve its goals.
- Evidence: Use of the
Bashtool for implementation steps and theralph gatescommand for quality validation (SKILL.md).
Audit Metadata