opc-architecture
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION] (HIGH): The architecture uses subprocess.Popen(["claude", "-p", "prompt"]) to spawn child agents. Each child is a fully capable agent process running with the parent's privileges, so any system commands the child executes through the Claude CLI are executed on the parent's behalf. If the prompt or the process environment is influenced by untrusted data, the child's actions are influenced by it too, which is a significant security risk.
- [PROMPT_INJECTION] (HIGH): The core design relies on passing dynamically generated prompts to child processes. This creates a large surface for Indirect Prompt Injection (Category 8).
- Ingestion points: Data entering the parent agent's context (e.g., files, tool outputs) is interpolated into prompts for child agents.
- Boundary markers: None described in the architecture; prompts appear to be passed directly as command-line arguments.
- Capability inventory: Subprocess spawning, PostgreSQL/Redis access, and file system read/write in .claude/cache/.
- Sanitization: Not mentioned; the architecture assumes the parent agent can safely construct prompts for children.
- [NO_CODE] (INFO): This file is an architectural overview. While it describes high-risk behaviors, the actual implementation of hooks and scripts (e.g., in .claude/hooks/ or opc/scripts/) is not provided for direct inspection.
Recommendations
- AI detected serious security threats