deliverable-selfloop

Pass

Audited by Gen Agent Trust Hub on Mar 5, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION, NO_CODE
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection through the ingestion of potentially untrusted content from workspace files.
      ◦ Ingestion points: Processes data from UNITS.csv, papers/core_set.csv, and various deliverable/contract files in output/, outline/, and papers/.
      ◦ Boundary markers: The instructions do not define delimiters or specific markers to isolate untrusted data from the agent's core instructions.
      ◦ Capability inventory: The skill has file-read and file-write capabilities, specifically for rewriting deliverable files in the output/ directory.
      ◦ Sanitization: There is no evidence of input validation, escaping, or filtering of the content read from the workspace files before it is processed by the model.
  • [NO_CODE]: This skill consists entirely of markdown instructions and does not include any executable scripts, binaries, or automated installers.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 5, 2026, 09:18 AM