spawn
Pass
Audited by Gen Agent Trust Hub on Mar 17, 2026
Risk Level: SAFE COMMAND_EXECUTION PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a local Python script (`session_manager.py`) using the system shell to manage session states. The command string includes the `{session-id}` variable, which may be susceptible to shell injection if the ID is derived from untrusted input without validation.
- [PROMPT_INJECTION]: The skill processes data from configuration and template files to construct prompts for sub-agents, creating a vulnerability surface for indirect prompt injection.
  - Ingestion points: The skill reads from `.agenthub/sessions/{session-id}/config.yaml` and `references/agent-templates.md` to populate prompts.
  - Boundary markers: No explicit delimiters or instructions to ignore embedded commands are used when interpolating variables into the sub-agent prompt.
  - Capability inventory: The skill spawns multiple autonomous agents and executes local system scripts via Python.
  - Sanitization: No sanitization or validation of the input configuration values is documented before they are incorporated into executable prompts.
Audit Metadata