agent-management
Fail
Audited by Gen Agent Trust Hub on Feb 23, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (HIGH): The installation instructions require cloning a repository from 'github.com/23blocks-OS/ai-maestro-plugins.git', which is not a trusted organization.
- [REMOTE_CODE_EXECUTION] (HIGH): The skill instructs the user to execute './install-agent-cli.sh' immediately after cloning the untrusted repository. This represents a high-risk 'download and execute' pattern.
- [COMMAND_EXECUTION] (MEDIUM): The skill relies on 'aimaestro-agent.sh' to perform lifecycle tasks. Commands such as 'create --dir ' and 'update --task ' use unvalidated input which may be vulnerable to shell injection if not properly sanitized.
- [REMOTE_CODE_EXECUTION] (MEDIUM): The 'plugin install' and 'marketplace add' features allow for the dynamic loading and execution of third-party code into the agent environment from potentially untrusted sources.
- [INDIRECT_PROMPT_INJECTION] (LOW): Parameters like '--task' and agent names ingest untrusted data that the AI agent likely processes as instructions, creating a surface for indirect prompt injection. Boundary markers are not specified.
Recommendations
- AI detected serious security threats
Audit Metadata