summoner
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE PROMPT_INJECTION COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection due to its role as a multi-agent orchestrator.
  - Ingestion points: The skill ingests untrusted data from user requirements and the outputs of sub-agents created via the `Task` tool. These are documented in the Mission Control Document (MCD).
  - Boundary markers: The skill uses Markdown headers (e.g., in `mission-control-template.md`) to separate context, but lacks explicit delimiters or instructions to ignore embedded commands within sub-agent outputs.
  - Capability inventory: The skill has access to `Bash`, `Task`, `Write`, and `Edit` tools, allowing it to modify the file system and spawn additional processes based on potentially poisoned input.
  - Sanitization: While `init_mission.py` performs basic slugification on filenames, there is no evidence of sanitization or escaping for data interpolated into the agent prompts defined in `agent-spec-template.md`.
- [COMMAND_EXECUTION]: The skill includes Python scripts (`init_mission.py`, `validate_quality.py`) intended for initialization and quality checks. These scripts use standard libraries to manage files and interactive input. While they execute via the command line, they do not perform dangerous system operations or handle unsanitized shell commands.
Audit Metadata