while-true
Pass
Audited by Gen Agent Trust Hub on Apr 10, 2026
Risk Level: SAFENO_CODEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill provides instructions to override typical agent flow-control, specifically forbidding the agent from stopping after reporting progress if tasks remain. It implements a 'Start-before-report' rule that requires the agent to begin the next iteration before communicating with the user.
- [PROMPT_INJECTION]: The skill creates a surface for Indirect Prompt Injection by instructing the agent to 'assess current reality' from untrusted repository files and immediately 'start executing that task'.
- Ingestion points: SKILL.md (Situation Assessment Protocol Step 1) specifies reading plan files, logs, and documentation.
- Boundary markers: Absent. There are no instructions to use delimiters or 'ignore instructions' markers when reading these files.
- Capability inventory: The skill enables autonomous modification of files and execution of shell commands (validation commands).
- Sanitization: Absent. The skill does not provide mechanisms for validating content retrieved from external files before using it to drive execution.
- [NO_CODE]: The skill consists only of instructional markdown files and does not include any executable scripts, binaries, or external dependencies.
Audit Metadata