conductor-manage
Pass
Audited by Gen Agent Trust Hub on Apr 14, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes shell commands including
rm -rf,mv,mkdir, andgitto manipulate the file system within theconductor/directory. While these operations are necessary for lifecycle management, the use ofrm -rfon paths derived from identifiers requires caution. The skill effectively mitigates this risk by requiring the exact string 'DELETE' for confirmation and verifying that the target directory exists before execution.- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes content from local files that could be influenced by external sources. - Ingestion points:
conductor/tracks/{trackId}/metadata.json,conductor/tracks/{trackId}/plan.md, andconductor/tracks.md. - Boundary markers: The skill does not define explicit delimiters or instructions for the agent to ignore potentially malicious embedded commands when reading these files.
- Capability inventory: The skill has the capability to delete files (
rm -rf), move directories (mv), and create git commits (git commit). - Sanitization: No explicit sanitization or validation of the file content is performed beyond checking for file existence.
Audit Metadata