fleet-ops

Pass

Audited by Gen Agent Trust Hub on May 18, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/fleet.sh uses the eval command to execute the TEST_CMD string defined in the local configuration file .claude/fleet/config. This allows for arbitrary shell command execution during the landing process.
  • [COMMAND_EXECUTION]: The skill manages a background daemon process using Bash(run_in_background: true) and implements signal trapping and PID file management to coordinate multiple sessions.
  • [COMMAND_EXECUTION]: The init command performs automated modifications to the repository's .gitignore file and may execute Git commits to track these changes automatically.
  • [PROMPT_INJECTION]: The skill possesses an indirect prompt injection attack surface.
  • Ingestion points: The scripts/signal.sh script reads and parses file content from user-provided paths (intended for test logs) to determine if a lane is "READY".
  • Boundary markers: None; the content of the log file is processed without delimiters to isolate it from the signaling logic.
  • Capability inventory: The orchestrator script scripts/fleet.sh can execute shell commands via eval and perform high-impact Git operations like merge, revert, and rebase based on the signals.
  • Sanitization: Limited to basic keyword filtering (grep) for failure or error markers within the log files.
Audit Metadata
Risk Level
SAFE
Analyzed
May 18, 2026, 04:51 PM
Security Audit — agent-trust-hub — fleet-ops