ccw-loop-b
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION] (SAFE): The skill possesses an attack surface for indirect prompt injection in the worker prompt generation logic.\n
- Ingestion points: User tasks and worker outputs are merged into prompts in
phases/orchestrator.md.\n - Boundary markers: No explicit delimiters are used in the prompt template to isolate untrusted task data.\n
- Capability inventory: Includes
Bashcommand execution, filesystem access, and subagent orchestration.\n - Sanitization: Input data is not sanitized or escaped before prompt interpolation.\n
- Note: This vulnerability is structural to the orchestration pattern and carries minimal risk in a controlled development environment.\n- [COMMAND_EXECUTION] (SAFE): The validation worker (
workers/worker-validate.md) executes local commands viaBashto run unit tests, linters, and type checks. These operations are essential to the skill's purpose and follow best practices for software automation.
Audit Metadata