agent-mesh-creator
Warn
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, CREDENTIALS_UNSAFE, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill directs the agent to execute shell commands to manage agent lifecycles and start a persistent background daemon process on the host machine.
- [EXTERNAL_DOWNLOADS]: The workflow involves downloading and installing the `@annals/agent-mesh` package from the npm registry, which is a resource owned by the vendor 'annals-ai'.
- [CREDENTIALS_UNSAFE]: The skill handles sensitive authentication material, including user tokens for CLI login and bearer tokens for configuring external network exposure.
- [DATA_EXFILTRATION]: The `agent-mesh agent expose` command facilitates the creation of network tunnels from the local environment to external providers like `agents-hot` and `generic-a2a`, potentially exposing local services to the internet.
- [PROMPT_INJECTION]: The skill includes an attack surface for indirect prompt injection by processing untrusted Markdown files from local project directories.
  - Ingestion points: Local configuration and documentation files such as `SKILL.md` and `CLAUDE.md`.
  - Boundary markers: No delimiters or safety instructions are used to separate external content from the agent's instructions.
  - Capability inventory: The agent has the ability to execute CLI commands and configure network-facing bridges.
  - Sanitization: There is no evidence of validation or sanitization of the content within the ingested Markdown files.
Audit Metadata