message-bus
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The monitoring script
scripts/monitor-bus.pyusesos.systemto clear the terminal screen during the watch loop. Evidence (scripts/monitor-bus.py):os.system('cls' if os.name == 'nt' else 'clear'). - [PROMPT_INJECTION]: The design of the message bus and board protocol allows agents to ingest and process data from other agents, which presents an attack surface for indirect prompt injection.
- Ingestion points: Data enters the agent context through shared files including
queue.jsonl,assessments.json, anddiscussion.jsonl(SKILL.md, scripts/monitor-bus.py). - Boundary markers: There are no explicit delimiters or system instructions used in the message templates to distinguish between control commands and data content.
- Capability inventory: Agents utilizing the bus can read and write files within the
track_path, potentially influencing orchestrator decisions based on deltas in theboard/files. - Sanitization: The provided implementation relies on basic JSON parsing and does not sanitize or validate strings retrieved from the message queue before they are interpolated into director prompts.
- [SAFE]: The skill's functionality is consistent with its stated purpose of providing inter-agent communication infrastructure using standard local file system operations.
Audit Metadata