agent-ops
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The `scripts/init.sh` shell script performs workspace initialization by creating a local directory structure and populating templates for task tracking and sub-agent registries using standard shell commands.
- [COMMAND_EXECUTION]: The `scripts/spawn.mjs` Node.js script manages the orchestration lifecycle by reading and writing to local JSON state files in the `agents/` directory to track active tasks and sub-agent status.
- [PROMPT_INJECTION]: The skill handles untrusted data by interpolating user-provided task descriptions into sub-agent prompts. It includes architectural safeguards such as 'Identity Boundary' instructions to prevent sub-agents from exceeding their intended roles.
  - Ingestion points: Task descriptions passed as command-line arguments to `spawn.mjs` and user input keywords processed in `SKILL.md`.
  - Boundary markers: Explicit 'IDENTITY BOUNDARY' sections in system prompts (e.g., 'You are NOT the main agent. You work FOR the main agent.') defined in `agents/registry.json`.
  - Capability inventory: Local file writing for state management and command string generation for the `sessions_spawn` tool.
  - Sanitization: Basic regex filtering is used for task identifier generation, though the skill relies primarily on instructional boundaries rather than strict input sanitization.
Audit Metadata