stitch-loop
Pass
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION] (LOW): Indirect Prompt Injection vulnerability via the autonomous loop mechanism.
- Ingestion points: The agent is instructed to read
next-prompt.mdandSITE.mdat the start of every iteration to determine its tasks. - Boundary markers: There are no explicit boundary markers or instructions to disregard embedded commands within these data files, increasing the risk that instructions placed there (e.g., by a collaborator or via a pull request) would be executed with high authority.
- Capability inventory: The skill is granted broad permissions including
Bash(arbitrary command execution),Write(file system modification), andstitch*:*(content generation). - Sanitization: No evidence of sanitization or content validation exists for the inputs retrieved from the baton files before they are processed by the agent or used to generate the next iteration's prompt.
Audit Metadata