agent-manager-skill
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH
Findings: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- REMOTE_CODE_EXECUTION (HIGH): The skill executes code (python3 agent-manager/scripts/main.py) that has been locally cloned from an untrusted source, allowing for arbitrary command execution on the user's system.
- EXTERNAL_DOWNLOADS (HIGH): The skill instructs users to clone a repository from github.com/fractalmind-ai, which is not a trusted organization. This allows the author to deliver malicious code to the user's environment.
- COMMAND_EXECUTION (MEDIUM): The skill relies on tmux for process management and mentions cron-friendly scheduling, both of which are common vectors for maintaining persistence or running malicious background activity.
- PROMPT_INJECTION (LOW): Vulnerable to indirect prompt injection due to ingesting untrusted markdown files (e.g., teams/fractalmind-ai-maintenance.md). Evidence Chain:
  1. Ingestion point: external workflow files.
  2. Boundary markers: Absent.
  3. Capability inventory: Subprocess management via tmux and script execution.
  4. Sanitization: Absent.
Recommendations
- AI detected serious security threats
Audit Metadata