converge-loop

Pass

Audited by Gen Agent Trust Hub on Jul 6, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to run validation commands (e.g., pytest, cargo build) and discovery tools (e.g., eslint, knip). While these are standard development tools, they can execute arbitrary code if malicious scripts are defined in a project's configuration files (e.g., package.json scripts).
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads and processes data from external tool outputs.
  • Ingestion points: Processes output from Bash commands (test failures, lint messages) and provides them to the Agent tool to determine fixes.
  • Boundary markers: No explicit boundary markers or instructions to ignore embedded commands are present in the iteration prompts.
  • Capability inventory: The skill has access to Bash (shell execution), Edit/Write (file system modification), and recursive Agent calls across all reference scripts.
  • Sanitization: There is no evidence of sanitization or validation of tool output before it is interpolated into prompts for subsequent agent actions.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 6, 2026, 09:15 AM
Security Audit — agent-trust-hub — converge-loop