Archon Manager
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- Unverifiable Dependencies (MEDIUM): The README.md instructs users to clone and run code from 'https://github.com/coleam00/Archon.git'. As this is not a trusted source organization, it represents a risk of executing unverified external code.
- Command Execution (MEDIUM): The installation process involves 'docker compose up', which executes multiple containers with significant system access based on external configurations.
- Indirect Prompt Injection (LOW): Tools such as 'crawl_website' and 'add_document' ingest untrusted content from the web and PDFs for RAG. 1. Ingestion points: crawl_website and add_document tools (README.md). 2. Boundary markers: Absent in instructions. 3. Capability inventory: Modifies database state and makes external API calls (manifest.yaml). 4. Sanitization: Not specified.
- Data Exposure (LOW): The manifest.yaml requires a 'SUPABASE_SERVICE_ROLE_KEY'. While it is an environment variable, this high-privilege key bypasses security policies and should be handled with extreme care.
Audit Metadata