dev-agent-spawn

Warn

Audited by Gen Agent Trust Hub on Mar 14, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The script dynamically generates and executes AppleScript via osascript to control the Ghostty terminal application, allowing the skill to programmatically open windows and send keyboard input.
  • [COMMAND_EXECUTION]: The skill launches the Claude Code agent with the --dangerously-skip-permissions flag and the sandbox: {enabled: false} configuration, which bypasses the agent's built-in security controls and grants it full access to the user's shell.
  • [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface where untrusted data could influence the agent's behavior.
      • Ingestion points: The DIRECTORY, PROMPT, and SESSION_NAME parameters in agent-spawn.sh.
      • Boundary markers: Absent; inputs are interpolated directly into the terminal commands.
      • Capability inventory: osascript for UI control, tmux for session management, and claude with unsandboxed shell and filesystem access.
      • Sanitization: Basic character escaping is performed for AppleScript strings, but no escaping is performed for the target shell environment, allowing command substitution (e.g., via backticks) in directory or prompt variables.
  • [COMMAND_EXECUTION]: The skill documentation refers to and relies upon external Python scripts in ~/.agent-task-queue/ which are not part of the analyzed skill package and represent unverified execution dependencies.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 14, 2026, 09:35 PM