converge-loop
Pass
Audited by Gen Agent Trust Hub on Jul 6, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the
Bashtool to run validation commands (e.g.,pytest,cargo build) and discovery tools (e.g.,eslint,knip). While these are standard development tools, they can execute arbitrary code if malicious scripts are defined in a project's configuration files (e.g.,package.jsonscripts). - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads and processes data from external tool outputs.
- Ingestion points: Processes output from
Bashcommands (test failures, lint messages) and provides them to theAgenttool to determine fixes. - Boundary markers: No explicit boundary markers or instructions to ignore embedded commands are present in the iteration prompts.
- Capability inventory: The skill has access to
Bash(shell execution),Edit/Write(file system modification), and recursiveAgentcalls across all reference scripts. - Sanitization: There is no evidence of sanitization or validation of tool output before it is interpolated into prompts for subsequent agent actions.
Audit Metadata