stop
Pass
Audited by Gen Agent Trust Hub on May 11, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses bash commands to manage the lifecycle of a loop, including file system checks and system service management.
- Evidence: The script sources local helper libraries (
launchd-lib.sh,state-lib.sh, andregistry-lib.sh) located within the vendor's plugin directory to perform unregistration and cleanup. - Evidence: It uses
rm -rfto delete the loop's state directory after the stop operation, which includes a safety check mentioned in the documentation to ensure it only operates within the user's home directory. - Evidence: It generates and suggests a
git commitcommand to document the termination of the loop contract. - [PROMPT_INJECTION]: The skill exhibits a standard surface for indirect prompt injection by processing external data.
- Ingestion points: The skill reads from
LOOP_CONTRACT.md(Step 1 and Step 3) to generate a final state summary. - Boundary markers: No explicit delimiters or instructions are provided to the agent to ignore potentially malicious content within the contract file.
- Capability inventory: The skill has access to bash, file editing, and tool searching capabilities.
- Sanitization: No explicit sanitization or validation of the contract's content is described before interpolation into the
DONEsection or git commit message.
Audit Metadata