autonomous-loop
Pass
Audited by Gen Agent Trust Hub on Apr 18, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill provides instructions for the agent to execute local scripts for session management, including 'node cavekit-tools.cjs' for setup, status checks, and teardown. These commands depend on an environment variable for the plugin root.
- [PROMPT_INJECTION]: Indirect prompt injection surface: the autonomous loop architecture relies on a routing script that analyzes the session transcript and generates the next prompt for the agent. This creates a feedback mechanism in which untrusted data within the transcript can influence future agent behavior.
  - Ingestion points: the stop hook reads the session transcript from a specified path.
  - Boundary markers: there is no mention of delimiters or instructions to ignore commands found within the transcript.
  - Capability inventory: the agent has permissions to execute shell commands and read/write files within the project's .cavekit directory.
  - Sanitization: the documentation does not describe any validation or escaping of transcript content before it is used to generate subsequent prompts.
Audit Metadata