extend-agent

Pass

Audited by Gen Agent Trust Hub on Jun 30, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill directs the agent to utilize local shell commands, specifically the docker CLI suite (inspect, logs, exec, compose) and curl, to manage and verify the status of the local development environment and target agents.
  • [EXTERNAL_DOWNLOADS]: The agent fetches documentation and integration details from docs.agno.com, the official documentation resource for the Agno framework, which is the platform the skill is designed to manage.
  • [REMOTE_CODE_EXECUTION]: The workflow requires the agent to modify Python agent files and restart Docker containers, effectively allowing it to manage the code execution lifecycle of agents on the host system.
  • [DATA_EXFILTRATION]: The skill accesses project configuration and template files, including pyproject.toml, app/config.yaml, and example.env, to extract metadata about agents, their dependencies, and their operating parameters.
  • [PROMPT_INJECTION]: The skill exhibits an indirect injection surface through the ingestion of user-provided change requests and the processing of external agent code. Ingestion points: User-specified agent modifications; existing agent code files. Boundary markers: Not specified. Capability inventory: File system writes, Docker management, and local network requests. Sanitization: Not specified.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 30, 2026, 01:03 PM
Security Audit — agent-trust-hub — extend-agent