agent-manager-skill
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH
Tags: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION
Full Analysis
- Unverifiable Dependencies & Remote Code Execution (HIGH): The skill requires cloning a repository from 'fractalmind-ai', an untrusted source, and then executes the Python scripts it contains. This is a download-then-execute pattern from a non-trusted external source.
- Persistence Mechanisms (HIGH): The skill explicitly includes 'cron-friendly scheduling', which is a standard method for ensuring that code continues to run across system sessions or reboots.
- Command Execution (MEDIUM): The skill manages system-level processes through 'tmux'. Interacting with shell-based session managers carries a risk of command injection if parameters such as agent names are derived from untrusted input.
- Indirect Prompt Injection (LOW): The 'assign' command pulls task instructions from external files such as 'teams/fractalmind-ai-maintenance.md'. Evidence: (1) Ingestion point: external markdown files via 'assign' command; (2) Boundary markers: absent; (3) Capability inventory: tmux session management, process control, and cron scheduling; (4) Sanitization: none mentioned.
Recommendations
- AI detected serious security threats
Audit Metadata