loop-orchestrator

Pass

Audited by Gen Agent Trust Hub on Jul 7, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill dispatches task iterations to sub-agents using various harnesses such as claude -p and codex exec via a separate loop-runner skill.
  • [INDIRECT_PROMPT_INJECTION]: The skill implements a 'STEER' mechanism that reads content from .loop/<name>/STEER.md and injects it into sub-agent instructions.
  • Ingestion points: Reads from .loop/*/state.json and .loop/<name>/STEER.md (SKILL.md).
  • Boundary markers: External instructions are prefixed with the label 'operator steering: ' (SKILL.md).
  • Capability inventory: The skill dispatches iterations to a runner which possesses file-write and execution capabilities.
  • Sanitization: No specific sanitization or escaping is mentioned for the content injected from steering files.
  • [DATA_EXPOSURE]: The skill reads operational metadata, state files, and journals from the .loop/ directory to generate fleet-wide status reports.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 7, 2026, 11:39 AM
Security Audit — agent-trust-hub — loop-orchestrator