tp
Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFE COMMAND_EXECUTION PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a local shell script at ~/.claude/skills/tr/scripts/autoloop.sh by passing a command to the /file-op tool to initialize an execution loop.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8) due to its data ingestion and execution capabilities.
  - Ingestion points: Untrusted data is ingested through the $ARGUMENTS variable and external web content retrieved via WebSearch and WebFetch operations in the flow.md execution logic.
  - Boundary markers: The skill does not define clear delimiters or instructions to treat web-fetched content as data rather than instructions, which could allow maliciously crafted web content to influence the planning process.
  - Capability inventory: The skill has the capability to execute shell commands and write files via the /file-op tool, and perform network requests via WebSearch/WebFetch.
  - Sanitization: No sanitization, validation, or filtering of the content retrieved from web sources is performed before it is integrated into the task plan and subsequent execution.
Audit Metadata