long-running-agent
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill includes instructions that direct the agent to override or ignore specific user requests to ensure workflow compliance. It explicitly states that the agent must not skip any steps even if the user requests it due to time pressure.- [PROMPT_INJECTION]: The skill defines a surface for indirect prompt injection by design, as it relies on reading and interpreting documentation files provided within a project directory.
- Ingestion points: Reads multiple local files including progress.md, activeContext.md, feature-list.json, projectbrief.md, systemPatterns.md, and techContext.md.
- Boundary markers: The instructions do not define delimiters or specific safety markers to separate project content from the agent's internal instructions.
- Capability inventory: The skill utilizes git commands (log, status, add, commit, reset) and attempts to execute environment scripts (e.g., init.sh) and start development servers.
- Sanitization: No sanitization or validation logic is present to filter or escape instructions embedded within the Memory Bank files.- [COMMAND_EXECUTION]: The skill relies on executing system commands to manage project state and verify work.
- Evidence: The workflow includes executing git operations and conditionally running a local setup script (init.sh) found within the project environment.
Audit Metadata