worker
Pass
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill instructs agents to follow commands found in external files which are vulnerable to manipulation. • Ingestion points: inbox.md, task files, and worker mailbox JSON files located in the team state root. • Boundary markers: None specified; the agent is explicitly told to follow instructions without delimiters. • Capability inventory: Execution of the 'omx' CLI for messaging and task lifecycle management, and performance of arbitrary 'work'. • Sanitization: No validation or content filtering is performed on external content.
- [COMMAND_EXECUTION]: The skill executes the 'omx' CLI tool using shell templates that incorporate variable data from the environment and external files. Additionally, the skill dynamically resolves its own path from computed locations including the leader's current working directory, which could lead to the loading of untrusted skill definitions if the environment is compromised.
Audit Metadata