agent-manager
Warn
Audited by Gen Agent Trust Hub on Apr 12, 2026
Risk Level: MEDIUMCOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: Arbitrary shell command execution via conditional expressions.
- The
work_schedule.pyservice evaluateswhenexpressions from agent configurations by executing the content of$(...)patterns directly throughsubprocess.run(shell=True). This allows any shell command defined in the agent's YAML metadata to be executed during schedule checks. - [COMMAND_EXECUTION]: Modification of system persistence mechanisms.
- The
schedule_helper.pyscript programmatically reads and writes to the system crontab usingcrontab -landcrontab [file]. This is used to persist agent tasks and heartbeat monitors across system restarts and sessions. - [COMMAND_EXECUTION]: Dynamic construction and execution of launcher commands.
- The
main.pyscript assembles shell command strings from configuration data to launch agent sessions intmux. While it usesshlex.quotefor individual arguments, it executes the resulting strings in a shell environment. - [COMMAND_EXECUTION]: Background process spawning and daemon-like behavior.
- The
timer.pycommand usessubprocess.Popenwithstart_new_session=Trueto fork worker processes that remain active in the background to execute delayed actions. - [COMMAND_EXECUTION]: Dynamic script discovery and execution.
- The
heartbeat_service.pymodule searches for and executes anotify.pyscript from other skills across multiple paths, including the user's home directory (~/.agent/skills/or~/.claude/skills/).
Audit Metadata