autonomous-loops

Fail

Audited by Gen Agent Trust Hub on Mar 12, 2026

Risk Level: HIGH (REMOTE_CODE_EXECUTION, PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill provides an installation command that pipes a remote shell script directly to bash: curl -fsSL https://raw.githubusercontent.com/AnandChowdhary/continuous-claude/HEAD/install.sh | bash. This executes unverified code from a third-party repository not belonging to the skill author or a trusted vendor.
  • [PROMPT_INJECTION]: Several patterns, including the 'Infinite Agentic Loop' and 'Continuous Claude PR Loop', ingest data from external files such as specs/component-spec.md and SHARED_TASK_NOTES.md. These files serve as ingestion points for untrusted content without defined boundary markers or sanitization, making the agent vulnerable to indirect prompt injection where malicious instructions in these files could hijack the loop's logic.
  • [COMMAND_EXECUTION]: The skill involves executing local scripts (e.g., node scripts/claw.js) and utilizing the Task tool for parallel agent deployment and filesystem modifications. These capabilities, when combined with the ingestion of untrusted data from the repository, allow for potentially dangerous command execution if the input data is compromised.
Recommendations
  • HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/AnandChowdhary/continuous-claude/HEAD/install.sh - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Mar 12, 2026, 08:39 AM