paseo-committee
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it interpolates user-provided $ARGUMENTS directly into the prompts used to spawn sub-agents without sanitization or protective boundary markers.
- Ingestion points: User input via the $ARGUMENTS variable in SKILL.md.
- Boundary markers: No delimiters or "ignore embedded instructions" warnings are used when interpolating external content.
- Capability inventory: The skill utilizes 'paseo run', 'paseo send', and 'paseo logs' in SKILL.md to execute, monitor, and interact with other agent instances.
- Sanitization: The skill does not perform any escaping, validation, or filtering of the user-provided context.
- [COMMAND_EXECUTION]: The skill instructs the main agent to spawn sub-agents using high-privilege or safety-bypass flags.
- Evidence: Explicit instructions in SKILL.md to use the --mode bypass and --mode full-access flags with the 'paseo run' command.
Audit Metadata