skills/cycleuser/skills/zi-kong/Gen Agent Trust Hub

zi-kong

Fail

Audited by Gen Agent Trust Hub on Apr 7, 2026

Risk Level: HIGH (COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The skill defines a daemon mode and an autonomous loop for persistent background execution. The logic involves scanning the host environment and executing actions that suggest shell command usage for builds and tests.
  • [REMOTE_CODE_EXECUTION]: The skill implements a self-modifying agent that generates code improvements and executes them dynamically on its own source code. This dynamic execution of AI-generated content is a significant security risk.
  • [PROMPT_INJECTION]: The autonomous loop creates a surface for indirect prompt injection where data scanned from the environment can influence future autonomous actions.
      • Ingestion points: File system and environment state scanned in rules/autonomous-loop.md.
      • Boundary markers: None present in the provided instructions.
      • Capability inventory: The execute method performs file writes and system status checks based on generated decisions.
      • Sanitization: No sanitization or verification of the generated code or environment data is present.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Apr 7, 2026, 04:36 PM