acp-loop
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Installs the global npm package 'acp-loop' authored by 'femto'.
- [COMMAND_EXECUTION]: Uses the 'acp-loop' CLI tool to execute periodic agent prompts.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection. (1) Ingestion points: User-provided prompt strings and agent output (monitored via --until). (2) Boundary markers: Not specified in documentation. (3) Capability inventory: Executes arbitrary agent prompts and interacts with agent CLI tools. (4) Sanitization: No sanitization of prompt input or agent output is mentioned.
Audit Metadata