looper-looper

Fail

Audited by Gen Agent Trust Hub on Jul 3, 2026

Risk Level: HIGHREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill instructs the agent to download and execute an installation script from a remote GitHub repository by piping it directly to the shell (curl -fsSL ... | sh). This occurs in SKILL.md and references/cli.md targeting https://raw.githubusercontent.com/nexu-io/looper/main/scripts/install.sh and https://raw.githubusercontent.com/nexu-io/looper/main/scripts/uninstall.sh.
  • [COMMAND_EXECUTION]: The skill performs extensive shell operations, including:
  • Preflight environment checks using uname and command -v.
  • Managing the looperd background daemon, including installation and starting/restarting.
  • Persistence setup on macOS via LaunchAgents plist configuration.
  • Executing a local diagnostic script provided with the skill (scripts/check.sh).
  • [EXTERNAL_DOWNLOADS]: In addition to the install scripts, the skill prompts the agent to install dependencies such as git and gh via Homebrew (brew install) and installs GitHub CLI extensions (gh extension install cli/gh-webhook).
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because its primary function is to process data from external, untrusted repositories (GitHub/Forgejo issues and pull requests) which are then used to drive automated tasks.
  • Ingestion points: Remote repository data including issue titles, descriptions, comments, and labels (SKILL.md, references/config.md).
  • Boundary markers: The instructions recommend user confirmation before destructive steps and suggest using read-only status commands first.
  • Capability inventory: The skill has capabilities to write configuration files, perform network operations via GitHub/Forgejo APIs, and execute shell commands for loop automation.
  • Sanitization: No specific sanitization or validation logic for the content of the issues/PRs is mentioned in the skill instructions.
Recommendations
  • HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/nexu-io/looper/main/scripts/install.sh - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Jul 3, 2026, 06:26 PM
Security Audit — agent-trust-hub — looper-looper