autonomous-loops
Fail
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: CRITICAL
Findings: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The Continuous Claude PR Loop section instructs users to install an external tool using the command `curl -fsSL https://raw.githubusercontent.com/AnandChowdhary/continuous-claude/HEAD/install.sh | bash`. This pattern is highly insecure, as it executes unverified code from a third-party GitHub repository directly on the user's system.
- [COMMAND_EXECUTION]: The skill heavily utilizes shell scripting and external CLI tools (such as the GitHub CLI `gh`) to automate git operations and development workflows. This execution model creates a significant attack surface where malicious input could lead to unintended system commands.
- [PROMPT_INJECTION]: The skill's architecture for multi-agent DAG orchestration is susceptible to indirect prompt injection.
  - Ingestion points: The skill processes external, potentially attacker-controlled specification files (`spec_file`) and RFC/PRD documents.
  - Boundary markers: There are no explicit delimiters or system instructions provided to the agent to ignore instructions embedded within the data it processes.
  - Capability inventory: The described workflows have extensive capabilities, including executing subprocesses via `claude -p`, modifying files, and performing git operations.
  - Sanitization: No input validation, escaping, or filtering of the ingested document content is mentioned before it is used to drive agent actions.
Recommendations
- HIGH: Downloads and executes remote code from https://raw.githubusercontent.com/AnandChowdhary/continuous-claude/HEAD/install.sh. DO NOT USE without thorough review.
- AI detected serious security threats
Audit Metadata