skill-loop

Pass

Audited by Gen Agent Trust Hub on Mar 21, 2026

Risk Level: SAFE
Tags: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill makes extensive use of the GitHub CLI (gh) to manage repository state. Evidence includes commands like gh issue list, gh issue view, gh issue edit, and gh issue comment across various asset templates.
  • [INDIRECT_PROMPT_INJECTION]: The skill has a significant attack surface for indirect prompt injection because it ingests untrusted data from GitHub issues to drive agent planning and code implementation.
    ◦ Ingestion points: GitHub issue titles, bodies, and comments are fetched via gh issue view and gh issue list in the issue-check, plan, implement, and review skill templates.
    ◦ Boundary markers: None. The template instructions (e.g., in implement.SKILL.md.tmpl) treat the issue thread as a "source of truth" without warning the agent to ignore potentially malicious instructions embedded in the issue content.
    ◦ Capability inventory: The skill has the capability to write new files (starter skills and configuration), create git branches, and modify repository source code during the implementation phase.
    ◦ Sanitization: There is no evidence of sanitization or escaping of the content retrieved from GitHub before it is processed by the agent.
  • [DYNAMIC_EXECUTION]: The skill's primary function involves generating new executable instruction files (SKILL.md) and orchestration configuration (skill-loop.yml) at runtime using provided templates. This behavior is consistent with the skill's stated purpose of bootstrapping workflows.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 21, 2026, 05:20 PM