agent-lifecycle-management
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE NO_CODE
Full Analysis
- [No Code] (SAFE): The skill consists entirely of Markdown documentation. No executable scripts (.py, .js, .sh) or configuration files that trigger code execution are included in the skill definition.
- [Prompt Injection] (SAFE): No instructions were found that attempt to override AI safety guardrails, extract system prompts, or bypass intended constraints.
- [Data Exposure & Exfiltration] (SAFE): The skill does not reference sensitive local file paths (e.g., ~/.ssh) or define network operations targeting non-whitelisted domains. It suggests standard tools like 'Read' and 'Grep' for file analysis within the intended scope.
- [Indirect Prompt Injection] (SAFE): While the skill describes patterns (e.g., Scout-Build) where output from one agent is used as input for another, it does not implement these workflows in a way that bypasses security. The risk described is an inherent property of multi-agent orchestration rather than a malicious pattern in the skill itself.
  - Ingestion points: agent-lifecycle-management (SKILL.md) describes using prompt interpolation for the 'Command' operation.
  - Boundary markers: The documentation suggests specific prompt structures but does not explicitly define sanitization delimiters.
  - Capability inventory: The templates suggest the use of 'Bash', 'Write', and 'Edit' tools for builder agents.
  - Sanitization: Not applicable as no implementation code is provided.