converging-and-polishing
Warn
Audited by Gen Agent Trust Hub on Jul 7, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTIONREMOTE_CODE_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill directs the agent to execute shell commands using external CLI tools, specifically
codex execandclaude -p. Additionally, it requires the execution of arbitrary commands for project verification, such as running "tests, a build, or behavior checks." - [COMMAND_EXECUTION]: The skill contains instructions for the agent to self-modify its own source file (
SKILL.md). Specifically, it mandates: "If you discover the CLI exposes a newer/stronger model, edit this skill to update these defaults." - [PROMPT_INJECTION]: The skill creates a surface for Indirect Prompt Injection because it iterates on arbitrary artifacts (code, design, documents) that may contain malicious instructions.
- Ingestion points: Ingests untrusted data through the artifacts provided for review and hardening.
- Boundary markers: The skill does not define clear delimiters or "ignore" instructions for the processed content, deferring the logic to external sub-skills.
- Capability inventory: The agent possesses high-impact capabilities including shell command execution (
codex,tests,build) and file modification (self-editing the skill file). - Sanitization: There is no evidence of sanitization or filtering of the artifact content before it is processed by reviewers or executed in test environments.
- [REMOTE_CODE_EXECUTION]: By orchestrating external agents via
codex exec, the skill facilitates the remote execution of tasks which may be influenced by instructions embedded within the processed artifacts.
Audit Metadata