loop-architect

Pass

Audited by Gen Agent Trust Hub on Jun 29, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses subprocess.run in scripts/looper.py to detect installed AI command-line interfaces (e.g., Kiro, Claude, Ollama) by probing their versions and authentication status.
  • [COMMAND_EXECUTION]: The generated Python runner template (templates/run-loop.py) utilizes subprocess.run to execute user-defined programmatic verification scripts and to invoke configured external AI models via their respective CLI tools.
  • [EXTERNAL_DOWNLOADS]: The helper script scripts/looper.py relies on the PyYAML Python package for configuration parsing and provides instructions to the user for installing it via pip if it is not present in the environment.
  • [DATA_EXFILTRATION]: To mitigate risks of accidental data exposure, the skill implements logic in templates/run-loop.py that reads and redacts sensitive local files (such as .env and .key files) from prompts before they are sent to external APIs, and enforces a consent gate for the first transmission to any non-local model.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 29, 2026, 12:01 AM
Security Audit — agent-trust-hub — loop-architect