agent-decommissioning
Pass
Audited by Gen Agent Trust Hub on Mar 16, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes external agent prompts and configuration files to identify dependencies and update routing logic.
- Ingestion points: Phase 1 and Phase 4 read data from files in
~/code/prompts/agents/,~/code/prompts/skills-lock.json, and.claude-plugin/plugin.json. - Boundary markers: No explicit boundary markers or instructions to disregard embedded commands are used when reading these files.
- Capability inventory: The skill has high-impact capabilities including file deletion (
rm), git repository modification (git push), and infrastructure management via theclawnetCLI. - Sanitization: No sanitization or validation of the content within the processed markdown or JSON files is performed.
- [COMMAND_EXECUTION]: The skill utilizes several system commands to execute its primary purpose of agent removal.
- Evidence: Uses
rmto delete agent files and avatars, andgitcommands (add,commit,push) to publish changes. These operations are restricted to specific development paths (~/code/prompts/). - Infrastructure Control: Uses a custom CLI (
clawnet) to stop sandboxes and delete bot identities, which is consistent with the skill's documented administrative role.
Audit Metadata