agent-manager-skill
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION)
Full Analysis
- [EXTERNAL_DOWNLOADS] (HIGH): The skill requires cloning a repository from an untrusted source ('github.com/fractalmind-ai'). This organization is not on the trusted list, making the downloaded content unverifiable.
- [COMMAND_EXECUTION] (HIGH): Users are instructed to execute scripts ('agent-manager/scripts/main.py') directly from the untrusted repository. This follows the high-risk 'download and execute' pattern.
- [PERSISTENCE] (HIGH): The skill documentation mentions 'cron-friendly scheduling'. Use of cron is a standard persistence mechanism that allows code to execute periodically and survive system reboots.
- [INDIRECT_PROMPT_INJECTION] (LOW): The skill ingests external task instructions via the 'assign' command.
  - Ingestion points: Task assignments via 'assign' command.
  - Boundary markers: Uses 'EOF' delimiters, which offer some isolation but do not prevent malicious instruction processing.
  - Capability inventory: Process management ('tmux'), persistence ('cron'), and local script execution.
  - Sanitization: No evidence of input validation or sanitization for assigned tasks.
Recommendations
- AI detected serious security threats
Audit Metadata