loop-execution-evaluator
Pass
Audited by Gen Agent Trust Hub on Apr 6, 2026
Risk Level: SAFE, COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill performs an automated build check using npm run build. This is a standard verification step for a development evaluation agent.
- [SAFE]: The agent reads local project files (metadata.json, spec.md) to route the workflow to specialized evaluators. This data ingestion is restricted to the local environment and is required for the dispatcher's logic.
- [SAFE]: The skill maintains workflow state by updating the local metadata.json file. This is standard behavior for coordinating multi-step AI agent tasks.
- [SAFE]: Ingests project data from spec.md and metadata.json without explicit sanitization or boundary markers. While this presents a surface for indirect prompt injection, the risk is considered low given the primary purpose of evaluating code and the absence of high-privilege operations outside the development context.
Audit Metadata