looper-looper
Fail
Audited by Gen Agent Trust Hub on Jul 3, 2026
Risk Level: HIGHREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill instructs the agent to download and execute an installation script from a remote GitHub repository by piping it directly to the shell (
curl -fsSL ... | sh). This occurs inSKILL.mdandreferences/cli.mdtargetinghttps://raw.githubusercontent.com/nexu-io/looper/main/scripts/install.shandhttps://raw.githubusercontent.com/nexu-io/looper/main/scripts/uninstall.sh. - [COMMAND_EXECUTION]: The skill performs extensive shell operations, including:
- Preflight environment checks using
unameandcommand -v. - Managing the
looperdbackground daemon, including installation and starting/restarting. - Persistence setup on macOS via LaunchAgents plist configuration.
- Executing a local diagnostic script provided with the skill (
scripts/check.sh). - [EXTERNAL_DOWNLOADS]: In addition to the install scripts, the skill prompts the agent to install dependencies such as
gitandghvia Homebrew (brew install) and installs GitHub CLI extensions (gh extension install cli/gh-webhook). - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because its primary function is to process data from external, untrusted repositories (GitHub/Forgejo issues and pull requests) which are then used to drive automated tasks.
- Ingestion points: Remote repository data including issue titles, descriptions, comments, and labels (
SKILL.md,references/config.md). - Boundary markers: The instructions recommend user confirmation before destructive steps and suggest using read-only status commands first.
- Capability inventory: The skill has capabilities to write configuration files, perform network operations via GitHub/Forgejo APIs, and execute shell commands for loop automation.
- Sanitization: No specific sanitization or validation logic for the content of the issues/PRs is mentioned in the skill instructions.
Recommendations
- HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/nexu-io/looper/main/scripts/install.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata