agent-manager-skill

Fail

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: HIGH

Findings: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs the user to download external code from https://github.com/fractalmind-ai/agent-manager-skill.git, which is an unverified source not included in the trusted vendors list.
  • [REMOTE_CODE_EXECUTION]: The skill executes Python scripts (agent-manager/scripts/main.py) directly from the externally downloaded repository, creating a path for arbitrary code execution on the host system.
  • [COMMAND_EXECUTION]: The skill uses tmux and python3 to manage local agent processes and sessions. It explicitly mentions 'cron-friendly scheduling', which implies the ability to modify system scheduling tasks and establish persistence.
  • [PROMPT_INJECTION]: The assign command provides an ingestion point for untrusted data via a heredoc (EOF) block. This surface allows for indirect prompt injection where instructions embedded in the input could influence agent behavior. Capability inventory includes process management and session monitoring. No explicit sanitization or boundary markers are documented to prevent instruction override.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Mar 10, 2026, 01:13 AM