tighten-loop
Pass
Audited by Gen Agent Trust Hub on May 3, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill possesses an attack surface for indirect prompt injection because it processes untrusted data from the conversation transcript.
- Ingestion points: The conversation history/transcript is scanned for user 'steers' (SKILL.md, Process Step 1).
- Boundary markers: The skill lacks explicit instructions or delimiters to ignore or sanitize potentially malicious instructions embedded within the transcript.
- Capability inventory: The skill facilitates potentially impactful actions by routing findings to tools like claude-md-management:claude-md-improver, skill-creator, and update-config (which can modify .claude/settings.json permissions).
- Sanitization: No explicit sanitization of the transcript content is performed before it is used to formulate recommendations.
- Mitigation: The skill includes a 'human-in-the-loop' requirement, stating that it should 'offer handoffs' and 'Don't apply anything without confirmation' (SKILL.md, Process Step 4).
Audit Metadata