loop-orchestrator
Pass
Audited by Gen Agent Trust Hub on Jul 7, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill dispatches task iterations to sub-agents using various harnesses such as
claude -pandcodex execvia a separateloop-runnerskill. - [INDIRECT_PROMPT_INJECTION]: The skill implements a 'STEER' mechanism that reads content from
.loop/<name>/STEER.mdand injects it into sub-agent instructions. - Ingestion points: Reads from
.loop/*/state.jsonand.loop/<name>/STEER.md(SKILL.md). - Boundary markers: External instructions are prefixed with the label 'operator steering: ' (SKILL.md).
- Capability inventory: The skill dispatches iterations to a runner which possesses file-write and execution capabilities.
- Sanitization: No specific sanitization or escaping is mentioned for the content injected from steering files.
- [DATA_EXPOSURE]: The skill reads operational metadata, state files, and journals from the
.loop/directory to generate fleet-wide status reports.
Audit Metadata