sentinel-loop
Pass
Audited by Gen Agent Trust Hub on Mar 30, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a local bash script (`validate-launch.sh`) to verify the integrity, structure, and safety of generated launch commands before they are presented to the user for execution.
- [PROMPT_INJECTION]: The skill implements an orchestration pipeline that processes untrusted project documentation (indirect prompt injection surface). This is managed through the following mandatory security controls:
  - Ingestion points: Reads project state and requirements from `PRD.md`, `progress.yaml`, and the rules section of `CLAUDE.md`.
  - Boundary markers: Generates unique per-run nonces with a `SENTINEL_` prefix and uses `<promise>` tags to ensure completion signaling is not accidentally triggered by model dialogue.
  - Capability inventory: The skill has the capability to write to local temporary files (`.sentinel/tmp/`) and execute local validation scripts via the shell.
  - Sanitization: Explicitly performs shell-safe escaping for special characters (backticks, dollar signs, quotes) and validates the final payload size to prevent execution failures or injection via shell argument limits.
Audit Metadata