system-bus
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: Uses a vendor-specific CLI joelclaw for function management and run inspection, and executes kubectl for infrastructure operations in SKILL.md.
- [COMMAND_EXECUTION]: Implements internal task logic using Bun subprocess APIs (Bun.spawn, Bun.$) and calls a local inference utility pi within the system-bus package components.
- [EXTERNAL_DOWNLOADS]: Fetches images from GitHub Container Registry (GHCR) as part of the worker deployment model.
- [PROMPT_INJECTION]: Provides a surface for indirect prompt injection through external data ingestion.
- Ingestion points: Processes data from various webhook providers (GitHub, Vercel, Front, etc.) and Inngest events as documented in SKILL.md.
- Boundary markers: No specific delimiters or instruction-bypass warnings are mentioned for interpolating external data into prompts.
- Capability inventory: The worker possesses broad capabilities including subprocess execution and network interaction across its durable functions.
- Sanitization: Documentation lacks details on sanitization or validation for untrusted inputs before processing.
Audit Metadata