loop-skill

Pass

Audited by Gen Agent Trust Hub on Jul 5, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes local system commands to manage state and verify project integrity.
  • Uses git status, git diff, and git ls-files to snapshot the initial state and generate a net report of changes.
  • Invokes project-specific automation tools like just (e.g., just test, just lint) to verify the success of the iterations.
  • [PROMPT_INJECTION]: The skill contains an indirect prompt injection surface by design, as it ingests and executes instructions from external SKILL.md files.
  • Ingestion points: The agent resolves and reads SKILL.md files from paths or names provided in the user's invocation arguments.
  • Boundary markers: The skill does not explicitly define sanitization or boundary markers for the instructions retrieved from the target skill.
  • Capability inventory: The skill possesses the capability to inspect the repository (git) and execute project recipes (just).
  • Sanitization: Instructions from the target skill are followed "inline," relying on the agent's core safety guardrails when processing the sub-skill.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 5, 2026, 05:05 PM
Security Audit — agent-trust-hub — loop-skill