loop-designer

Pass

Audited by Gen Agent Trust Hub on Jul 7, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [SAFE]: The skill mandates a 'propose-only' security posture for newly created loops, requiring a promotion phase involving human review and multiple successful 'clean cycles' before write access is granted to the filesystem or external services (references/loop-charter-template.md).
  • [COMMAND_EXECUTION]: During the validation stage, the agent is instructed to execute generated shell commands locally to confirm they function correctly before the design is finalized (references/loop-doctor.md, item D3).
  • [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection as it ingests user-supplied goals which are used to generate executable verification steps.
  • Ingestion points: User goals and task descriptions provided during the design interview (SKILL.md).
  • Boundary markers: The skill uses structured markdown sections and specific file-backed states (LOOP.md, state.json) to isolate goal data from core instructions.
  • Capability inventory: Local shell execution for unit verification and metric tracking (e.g., pnpm test, script validation).
  • Sanitization: The mandatory 'loop-doctor' check verifies the outcome of generated commands, providing a functional validation layer.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 7, 2026, 11:39 AM
Security Audit — agent-trust-hub — loop-designer