converging-and-polishing

Warn

Audited by Gen Agent Trust Hub on Jul 7, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTIONREMOTE_CODE_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill directs the agent to execute shell commands using external CLI tools, specifically codex exec and claude -p. Additionally, it requires the execution of arbitrary commands for project verification, such as running "tests, a build, or behavior checks."
  • [COMMAND_EXECUTION]: The skill contains instructions for the agent to self-modify its own source file (SKILL.md). Specifically, it mandates: "If you discover the CLI exposes a newer/stronger model, edit this skill to update these defaults."
  • [PROMPT_INJECTION]: The skill creates a surface for Indirect Prompt Injection because it iterates on arbitrary artifacts (code, design, documents) that may contain malicious instructions.
  • Ingestion points: Ingests untrusted data through the artifacts provided for review and hardening.
  • Boundary markers: The skill does not define clear delimiters or "ignore" instructions for the processed content, deferring the logic to external sub-skills.
  • Capability inventory: The agent possesses high-impact capabilities including shell command execution (codex, tests, build) and file modification (self-editing the skill file).
  • Sanitization: There is no evidence of sanitization or filtering of the artifact content before it is processed by reviewers or executed in test environments.
  • [REMOTE_CODE_EXECUTION]: By orchestrating external agents via codex exec, the skill facilitates the remote execution of tasks which may be influenced by instructions embedded within the processed artifacts.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Jul 7, 2026, 12:30 PM
Security Audit — agent-trust-hub — converging-and-polishing