ccw-loop

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE (finding categories: PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
  • [PROMPT_INJECTION] (LOW): The skill interpolates user-controlled task descriptions into the system instructions of a sub-agent, creating a surface for indirect prompt injection.
      • Ingestion points: The task argument and state.description in phases/01-session-init.md.
      • Boundary markers: The spawn_agent call in phases/02-orchestration-loop.md uses Markdown headers but lacks explicit 'ignore embedded instructions' delimiters.
      • Capability inventory: The orchestration logic allows Bash execution, file writing, and sub-agent spawning.
      • Sanitization: No sanitization or validation of the input string is performed.
  • [COMMAND_EXECUTION] (SAFE): The skill uses the Bash tool to execute shell commands for standard development tasks such as identifying the project root and running test frameworks.
      • Evidence: Bash calls in phases/01-session-init.md (git rev-parse) and actions/action-validate.md (npm test, pytest).
  • [DYNAMIC_EXECUTION] (SAFE): The debug action dynamically modifies source files by injecting NDJSON logging statements for instrumentation.
      • Evidence: actions/action-debug.md adds console.log statements to track hypothesis verification. This behavior is purpose-aligned for a debugging tool.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 17, 2026, 06:16 PM