loop-factory
Pass
Audited by Gen Agent Trust Hub on Jun 12, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill provides instructions to clone the Loop-Factory repository from GitHub and install agent CLIs from official providers. These are standard installation procedures for the tool's core functionality.
- [COMMAND_EXECUTION]: The framework executes shell commands for repository management, environment health checks, and state transitions using its own CLI.
- [REMOTE_CODE_EXECUTION]: When the execution flag is enabled, the skill runs local agent CLIs and executes verification scripts defined within the markdown task specifications. This is the intended behavior for automated testing and verification.
- [PROMPT_INJECTION]: The skill processes markdown files that could contain untrusted instructions. To mitigate this risk, the framework enforces a manual "Grill Gate" for clarification and a "Review Gate" that requires human acceptance before work is archived.
Audit Metadata