task-loop-verify
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: A thorough review of the skill's logic, tools, and metadata reveals no signs of malicious intent, obfuscation, or unauthorized access.
- [COMMAND_EXECUTION]: The skill employs standard 'bash' tools, specifically 'jq' for JSON parsing and 'rm' for state file removal. These operations are restricted to the agent's internal '.shipspec' directory and are necessary for the skill's stated functionality.
- [DATA_EXFILTRATION]: Access is limited to internal configuration files like 'TASKS.json' and local state pointers. No sensitive user credentials, SSH keys, or environment variables are accessed or transmitted externally.
- [PROMPT_INJECTION]: The skill processes task prompts and state data from local JSON files, representing a common indirect prompt injection surface. However, the risk is negligible as the data is internal to the agent's workflow management. Ingestion points: Reads state from '.shipspec/active-loop.local.json', 'state_path' references, and '.shipspec/planning/[feature]/TASKS.json'. Boundary markers: None explicitly defined in the instructions. Capability inventory: Use of 'Bash' (jq, rm) and delegation to 'task-verifier'. Sanitization: Relies on 'jq' to extract data fields, which treats file content as data rather than executable logic.
Audit Metadata