loop-designer
Pass
Audited by Gen Agent Trust Hub on Jul 7, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill mandates a 'propose-only' security posture for newly created loops, requiring a promotion phase involving human review and multiple successful 'clean cycles' before write access is granted to the filesystem or external services (references/loop-charter-template.md).
- [COMMAND_EXECUTION]: During the validation stage, the agent is instructed to execute generated shell commands locally to confirm they function correctly before the design is finalized (references/loop-doctor.md, item D3).
- [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection as it ingests user-supplied goals which are used to generate executable verification steps.
- Ingestion points: User goals and task descriptions provided during the design interview (SKILL.md).
- Boundary markers: The skill uses structured markdown sections and specific file-backed states (LOOP.md, state.json) to isolate goal data from core instructions.
- Capability inventory: Local shell execution for unit verification and metric tracking (e.g., pnpm test, script validation).
- Sanitization: The mandatory 'loop-doctor' check verifies the outcome of generated commands, providing a functional validation layer.
Audit Metadata