agent-teams
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill manages multiple Claude processes by constructing and executing shell commands for tmux. It mitigates shell injection risks by enforcing strict regex validation (^[A-Za-z0-9_-]+$) on dynamic parameters such as agent and team names.
- [EXTERNAL_DOWNLOADS]: References standard system package managers (brew, apt) for tool installation. No untrusted remote scripts, binaries, or third-party packages are downloaded or executed.
- [DATA_EXFILTRATION]: Skill operations are confined to the local filesystem (~/.claude/) for managing task and message states. There is no evidence of unauthorized network activity or exfiltration of sensitive information.
- [SAFE]: The skill implements defensive programming practices, including the use of fcntl exclusive locks and atomic write patterns (tempfile + os.replace) to ensure concurrency safety and prevent data corruption.
Audit Metadata