agent-manager-skill
Fail
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [Unverifiable Dependencies & Remote Code Execution] (HIGH): The skill requires cloning and executing code from an untrusted GitHub repository (fractalmind-ai/agent-manager-skill). This source is not on the trusted organizations list, posing a significant risk of executing malicious scripts on the host system.\n- [Persistence Mechanisms] (MEDIUM): The skill description mentions 'cron-friendly scheduling,' which indicates the capability to establish persistence on the host machine by creating scheduled tasks that run across sessions.\n- [Indirect Prompt Injection] (LOW): The 'assign' command creates an attack surface where untrusted input could influence agent behavior.\n
- Ingestion points: Standard input of the 'assign' command (e.g., via EOF blocks in command examples).\n
- Boundary markers: No boundary markers or 'ignore' instructions are provided to delimit untrusted data.\n
- Capability inventory: Management of local CLI agents via tmux sessions and execution of local python scripts.\n
- Sanitization: No input sanitization or validation is described in the skill metadata or instructions.
Recommendations
- AI detected serious security threats
Audit Metadata