breezing
Warn
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the `Bash` tool to execute local shell commands, including the management of temporary files in `/tmp` and the invocation of the `codex` CLI for code generation and workspace writing.
- [PROMPT_INJECTION]: The skill explicitly references and operates in a `bypassPermissions` mode by default, which is designed to suppress user confirmation for actions taken by sub-agents or during automated cycles.
- [PROMPT_INJECTION]:
  - Ingestion points: The skill reads task definitions, dependency graphs, and execution instructions directly from `Plans.md` within the local workspace.
  - Boundary markers: None identified; instructions found within `Plans.md` are processed as authoritative commands for the agent team.
  - Capability inventory: The agent possesses extensive capabilities, including shell access (`Bash`), file system modification (`Write`, `Edit`), and network access (`WebFetch`, `WebSearch`).
  - Sanitization: No validation or sanitization is performed on the content of `Plans.md` before it is used to drive automated tasks or shell executions.
- [COMMAND_EXECUTION]: Employs the `/loop` command to establish persistence through periodic task monitoring and execution (e.g., every 5 minutes), which could facilitate long-running automated actions without constant human oversight.
Audit Metadata