Skills
skills/sunfmin/autocraft/journey-loop/Gen Agent Trust Hub

journey-loop

Pass

Audited by Gen Agent Trust Hub on Mar 29, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill fetches remote data from a specific GitHub Gist (ID: 84a5c108d5742c850704a5088a3f4cbf) using the gh gist view command. This content is used to populate instructions for a sub-agent.
  • [COMMAND_EXECUTION]: The orchestrator performs various shell operations including file deletion (rm), monitoring log files (tail, grep), and process termination (pkill). It specifically targets xcodebuild processes to enforce timing constraints during automated tests.
  • [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection by ingesting data from external and untrusted sources:
  • Ingestion points: Reads requirements from spec.md (local file) and instructions from a remote GitHub Gist (ID: 84a5c108d5742c850704a5088a3f4cbf).
  • Boundary markers: The skill instructions do not specify the use of delimiters or 'ignore' instructions when interpolating the content of the Gist or specification files into the agent's prompt.
  • Capability inventory: The agent has the ability to execute shell commands and invoke other skills (such as autocraft:refine-journey), which could be exploited if malicious instructions are successfully injected into the context.
  • Sanitization: There is no evidence of validation, escaping, or filtering of the content retrieved from the Gist or the specification file before it is processed and included in prompts.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 29, 2026, 05:40 AM