loop-skill
Pass
Audited by Gen Agent Trust Hub on Jul 5, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes local system commands to manage state and verify project integrity.
- Uses
git status,git diff, andgit ls-filesto snapshot the initial state and generate a net report of changes. - Invokes project-specific automation tools like
just(e.g.,just test,just lint) to verify the success of the iterations. - [PROMPT_INJECTION]: The skill contains an indirect prompt injection surface by design, as it ingests and executes instructions from external
SKILL.mdfiles. - Ingestion points: The agent resolves and reads
SKILL.mdfiles from paths or names provided in the user's invocation arguments. - Boundary markers: The skill does not explicitly define sanitization or boundary markers for the instructions retrieved from the target skill.
- Capability inventory: The skill possesses the capability to inspect the repository (
git) and execute project recipes (just). - Sanitization: Instructions from the target skill are followed "inline," relying on the agent's core safety guardrails when processing the sub-skill.
Audit Metadata