verification-loop

Pass

Audited by Gen Agent Trust Hub on Mar 6, 2026

Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes shell commands via pnpm (e.g., pnpm tsc, pnpm test). These commands run scripts defined in the local project environment, which can involve arbitrary code execution.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through malicious content in the code it verifies.
      ◦ Ingestion points: Project source code, test files, and configuration files like package.json (SKILL.md).
      ◦ Boundary markers: No boundary markers or 'ignore' instructions are present to prevent the agent from acting on malicious instructions embedded in the project files.
      ◦ Capability inventory: High-level command execution capability through pnpm scripts, which can be leveraged to run any code included in the project's test suite or build pipeline.
      ◦ Sanitization: There is no mechanism to sanitize or validate the project-defined scripts or test content before they are executed.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 6, 2026, 06:38 AM