orchestration
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The documentation in references/task-management.md instructs the agent to run 'bunx ccrecall sync' during team cleanup.
- [EXTERNAL_DOWNLOADS]: The 'bunx' command performs a runtime download of the 'ccrecall' package from the npm registry.
- [REMOTE_CODE_EXECUTION]: Executing an unverified external package from a remote registry using 'bunx' constitutes remote code execution.
- [PROMPT_INJECTION]: The skill facilitates multi-agent tasking which is vulnerable to indirect prompt injection if task descriptions contain malicious instructions.
- Ingestion points: Task descriptions defined in references/task-management.md and references/patterns.md.
- Boundary markers: Recommends a 'Worker preamble' instruction to limit sub-agent spawning but lacks structural boundaries for task content.
- Capability inventory: Sub-agent creation, team coordination, and command execution capabilities.
- Sanitization: No sanitization or escaping mechanisms are documented for interpolating data into task descriptions.
Audit Metadata