cubicloop
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes multiple shell commands to facilitate its iterative review and fix loop. According to
SKILL.md, it runsmkdirto create workspace directories, invokes thecubicCLI tool for code analysis, and executes 'relevant validation (tests/lint/typecheck)' which typically involves project-specific scripts likenpm testorpytest.\n- [PROMPT_INJECTION]: The skill accepts direct user input through a--promptflag that is passed to thecubicCLI, allowing the user to influence the focus of the review. Additionally, it contains an indirect prompt injection surface related to processing CLI findings.\n - Ingestion points: The agent ingests data from JSON reports stored in
.cubicloop/iteration-N.jsonwhich contain findings from the local code review.\n - Boundary markers: The instructions in
SKILL.mddo not define boundary markers or 'ignore' instructions when parsing theissuesarray from the JSON output.\n - Capability inventory: The agent possesses the capability to execute subprocesses (via
cubicand validation scripts) and modify local source files to apply 'fixes' based on the findings.\n - Sanitization: There is no evidence of sanitization or safety checks performed on the titles or descriptions within the JSON findings before the agent acts on them to modify the source code.
Audit Metadata