fleet-worker

Pass

Audited by Gen Agent Trust Hub on Jul 4, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTIONDATA_EXFILTRATION
Full Analysis
  • [COMMAND_EXECUTION]: The skill manages agent lifecycles by executing the claude CLI and git commands. It uses these tools to spawn parallel workers in isolated worktrees and collect their results via the provided fleet-worker and fleet-collect.sh scripts.
  • [EXTERNAL_DOWNLOADS]: The diagnostic tool fleet-doctor.sh includes a live check that uses curl to verify connectivity and model availability at the configured provider endpoint (defaulting to the well-known service z.ai).
  • [PROMPT_INJECTION]: The skill implements an orchestration pattern where an orchestrator agent delegates tasks to workers. \n
  • Ingestion points: Task descriptions and prompts are passed as arguments or via stdin to the fleet-worker script (SKILL.md). \n
  • Boundary markers: The skill relies on Claude Code's internal tool boundaries; the wrapper does not introduce new ones but explicitly gates all worker output through a review process. \n
  • Capability inventory: Workers utilize the standard Claude Code tool harness (Bash, Read, Write, Edit) restricted by an isolated worktree and config (scripts/fleet-worker). \n
  • Sanitization: Security is enforced through structural isolation and the mandatory 'merge gate' described in references/fleet-ops-handoff.md, requiring manual or Opus-level verification before landing changes.
  • [DATA_EXFILTRATION]: The skill safely handles API keys for third-party model providers. It implements industry best practices by resolving credentials from environment variables or system keyrings at runtime, ensuring keys are never stored in the skill scripts or written to logs.
  • [SAFE]: The design utilizes advanced process isolation. By enforcing a clean CLAUDE_CONFIG_DIR, the skill prevents worker processes from accessing or inheriting sensitive subscription credentials from the host machine's primary configuration.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 4, 2026, 07:00 PM
Security Audit — agent-trust-hub — fleet-worker