create-sub-agent
Pass
Audited by Gen Agent Trust Hub on Apr 3, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the Bash tool to run a local validation script (validate-agent.sh) and standard environment setup commands. These operations are scoped to the project environment and are used for verification of the generated agent files.
- [REMOTE_CODE_EXECUTION]: No external code is downloaded or executed at runtime. All scripts and templates are local or referenced via relative paths within the project structure.
- [DATA_EXFILTRATION]: No network activity or access to sensitive credentials (like SSH keys or environment secrets) was detected. The skill restricts its file operations to project-specific paths.
- [PROMPT_INJECTION]: The skill instructions and associated evaluation files (evals.json) explicitly address the risk of parameter injection, requiring the agent to validate input like agent names before processing.
Audit Metadata