coordinator

Warn

Audited by Gen Agent Trust Hub on Feb 19, 2026

Risk Level: MEDIUM
Categories: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • Command Execution (MEDIUM): The skill instructs the agent to execute a shell command 'rm -rf .claude/plans//' in SKILL.md. This is a high-risk command that could lead to unintended file deletion or directory traversal if the plan-id variable is manipulated by an untrusted source.
  • Prompt Injection (LOW): The skill is susceptible to Indirect Prompt Injection (Category 8) due to its ingestion of plan and manifest files.
      ◦ Ingestion points: manifest.json and plan.md (SKILL.md lines 48-52).
      ◦ Boundary markers: Absent. No delimiters or safety instructions are provided to distinguish between plan data and coordinator instructions.
      ◦ Capability inventory: Spawning sub-agents, file read/write, and shell command execution (rm) in SKILL.md.
      ◦ Sanitization: Absent. There is no mention of validating or sanitizing the contents of the ingested manifest or the plan-id variable.
  • Security Best Practices (LOW): The skill's default 'TEXT Mode' (SKILL.md line 26) allows for tool execution without user pre-confirmation, which increases the potential impact of malicious plan data or prompt injections.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 19, 2026, 08:50 PM