loom-usage
Pass
Audited by Gen Agent Trust Hub on Apr 14, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill focuses on using shell commands via the 'loom' CLI to manage project states. It covers initializing plans, running background daemons for orchestration, and using diagnostic commands to recover from failures.
- [PROMPT_INJECTION]: The skill involves the agent reading and interpreting data from external project files such as markdown plans and stage state files. While this creates a surface for indirect prompt injection, the documentation indicates that the tool includes validation logic, such as checking for path traversal, to mitigate risks associated with processing these files.
Audit Metadata