Skills
skills/team-attention/code-squad/spets/Gen Agent Trust Hub

spets

Warn

Audited by Gen Agent Trust Hub on Apr 8, 2026

Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Fetches and runs the spets package from the npm registry using the npx command during skill initialization.
  • [REMOTE_CODE_EXECUTION]: The skill architecture defines a loop where the agent executes instructions and commands provided by an external orchestrator, effectively allowing remote control of the agent's behavior.
  • [COMMAND_EXECUTION]: Executes shell commands via npx and is instructed to run commands found in the onComplete field of the orchestrator's JSON response.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes and follows instructions from an external tool without validation.
  • Ingestion points: JSON output returned from the npx spets command in SKILL.md.
  • Boundary markers: No delimiters or ignore-instructions warnings are used for the external content.
  • Capability inventory: Shell execution (npx), file system interaction, and general agent capabilities.
  • Sanitization: No validation or sanitization of the remote prompt or onComplete fields before execution.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Apr 8, 2026, 11:01 AM