<role-name>
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The templates describe an autonomous workflow where agents ingest tasks ('Beads') from a queue, creating a surface for indirect prompt injection.
  - Ingestion points: Task content from the Loom work queue as described in AI_START_HERE.md.
  - Boundary markers: No specific delimiters or instructions to ignore nested prompts are provided in the templates.
  - Capability inventory: Agents are granted capabilities for git operations and system file access.
  - Sanitization: No sanitization or validation protocols are defined for task content.
- [COMMAND_EXECUTION]: The documentation defines a JSON-based action format and protocols for file system interactions (REQUEST_FILE_ACCESS).
- [SAFE]: No malicious code, obfuscation, or unauthorized network operations were detected in the markdown-based templates.
Audit Metadata