ql-plan
Pass
Audited by Gen Agent Trust Hub on Apr 11, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill provides instructions for fetching runner scripts (
quantum-loop.shandquantum-loop.ps1) from the author's GitHub repository athttps://raw.githubusercontent.com/andyzengmath/quantum-loop/main/templates/to facilitate the execution phase of the pipeline. - [COMMAND_EXECUTION]: The instructions guide the user to grant execution permissions to the downloaded shell scripts using
chmod +xand subsequently run them to manage the autonomous development loop. - [DATA_EXFILTRATION]: The skill performs read operations on local project configuration files, such as
package.json,pyproject.toml, andgo.mod, to extract metadata, technology stack information, and determine appropriate file paths for task generation. - [PROMPT_INJECTION]: The skill processes external Product Requirements Documents (
tasks/prd-*.md) to extract user stories and requirements. This creates an indirect prompt injection surface as the agent lacks explicit boundary markers or sanitization logic for content ingested from these files. - Ingestion points: Reads requirements from
tasks/prd-*.md(documented inSKILL.md). - Boundary markers: Absent; the agent is instructed to read the entire PRD directly into context.
- Capability inventory: Generates task lists and verification commands within
quantum.json(documented inSKILL.md). - Sanitization: Absent; the skill relies on the agent to parse and interpret the PRD content without filtering.
Audit Metadata