loops
Pass
Audited by Gen Agent Trust Hub on Mar 26, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill executes shell commands using curl to interact with the Loops API. This behavior is consistent with the skill's documented purpose of managing email contacts and sending transactional emails.
- [EXTERNAL_DOWNLOADS]: The skill communicates with app.loops.so, the official API endpoint for the Loops service. This is a well-known service, and the communication is required for the skill's functionality.
- [CREDENTIALS_UNSAFE]: The skill correctly manages sensitive information by using the LOOPS_TOKEN environment variable rather than hardcoding credentials. It provides instructions for users to securely set this variable.
- [DATA_EXFILTRATION]: Data is sent to the Loops API, which is the intended function of the skill for managing email marketing and transactional communications.
Audit Metadata