autonomous-loop

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • Indirect Prompt Injection (LOW): Detected a potential surface for indirect prompt injection in the continuation prompt generation logic.
      • Ingestion points: Untrusted data from previous sessions is read from .claude/continuation.json via the load_pending_continuation method in scripts/continuation_handler.py.
      • Boundary markers: The create_continuation_prompt function in scripts/continuation_handler.py interpolates the context_summary and reason fields directly into the markdown prompt without using delimiters or isolation markers to prevent instructions within those fields from being followed.
      • Capability inventory: The orchestrator in scripts/feature_orchestrator.py manages the implementation and testing of features, which involves code modification and execution capabilities via the CodingAgent and E2ETester components.
      • Sanitization: There is no evidence of sanitization or escaping performed on the session metadata before it is included in the prompt for the subsequent session.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:30 PM