manager

Pass

Audited by Gen Agent Trust Hub on Mar 14, 2026

Risk Level: SAFE, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [SAFE]: No malicious patterns, obfuscation, or unauthorized data exfiltration were detected. The skill's behavior is consistent with its stated purpose as a task manager.
  • [COMMAND_EXECUTION]: The skill provides instructions for executing system commands, along with PowerShell workarounds for policy-restricted environments. This is a primary function of the manager role, which coordinates repository operations.
  • [EXTERNAL_DOWNLOADS]: The skill references and installs tools from the 'metyatech' GitHub organization and NPM scope, including 'agents-mcp', 'task-tracker', and 'thread-inbox'. These are documented as vendor-controlled resources and do not represent untrusted external code execution.
  • [PROMPT_INJECTION]: The skill processes untrusted data from user messages and sub-agent reports. (1) Ingestion points: 'SKILL.md' (delegated agent reports, GitHub notification bodies). (2) Boundary markers: Present (Structured AC-to-evidence deliverable format). (3) Capability inventory: Subprocess calls, file-write, and network operations (GitHub API). (4) Sanitization: No explicit sanitization of input data is defined beyond the structured reporting format. This surface is inherent to the orchestration use-case and is managed through verification gates.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 14, 2026, 02:45 AM