loop-executor
Pass
Audited by Gen Agent Trust Hub on Apr 6, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits a vulnerability to indirect prompt injection because it reads and acts upon tasks defined in an external project file (plan.md).
  - Ingestion points: The agent accesses plan.md in multiple stages (checklist and execution) to identify which tasks to perform.
  - Boundary markers: The prompt lacks explicit delimiters or instructions to the agent to ignore or isolate potentially malicious instructions embedded within the tasks in plan.md.
  - Capability inventory: The agent possesses capabilities to read and write arbitrary files in the project directory and perform version control operations (commits).
  - Sanitization: There are no mentioned mechanisms for validating or sanitizing the content of the plan file before the agent executes the tasks described therein.
- [COMMAND_EXECUTION]: The skill is instructed to perform git operations, specifically 'Commit code changes' at defined checkpoints. This capability allows the agent to modify the project's history and persist changes based on its execution phase.
Audit Metadata