opc-architecture
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION
Full Analysis
- COMMAND_EXECUTION (MEDIUM): The architecture explicitly utilizes 'subprocess.Popen' to spawn and manage child Claude CLI instances, enabling complex command execution patterns within the local environment.
- Indirect Prompt Injection (LOW): The use of a shared PostgreSQL/Redis database and local cache for inter-agent communication creates an ingestion surface where data from child agents could influence the parent process. Evidence Chain:
  1. Ingestion points: PostgreSQL database and .claude/cache/files.
  2. Boundary markers: Absent in the described architecture.
  3. Capability inventory: Subprocess spawning and file-system modification (hooks and skills).
  4. Sanitization: None mentioned for data retrieved from the coordination backend.
Audit Metadata