Skills
skills/d-oit/do-novelist-ai/iterative-refinement/Gen Agent Trust Hub

iterative-refinement

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS] (MEDIUM): The file tools/rust.md instructs the agent to install several unverified third-party crates globally using cargo install, including cargo-tarpaulin, cargo-llvm-cov, cargo-audit, cargo-deny, cargo-criterion, cargo-nextest, and sccache.
  • [COMMAND_EXECUTION] (LOW): The skill's primary functionality relies on executing a variety of shell-based validation tools and a provided bash script template. While these are standard developer tools, the automated execution environment poses a risk if processing compromised codebases.
  • [INDIRECT_PROMPT_INJECTION] (LOW): The refinement workflow ingests data from external tool logs and suggested web search results without sanitization. Evidence Chain: 1. Ingestion points: SKILL.md (search results) and tools/rust.md (tool logs). 2. Boundary markers: Absent. 3. Capability inventory: Execution of cargo suite and bash scripts in tools/rust.md. 4. Sanitization: Absent. This enables untrusted content to influence the agent's logic during iterative cycles.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Feb 17, 2026, 06:27 PM