extend-agent
Pass
Audited by Gen Agent Trust Hub on Jun 30, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill directs the agent to utilize local shell commands, specifically the
dockerCLI suite (inspect, logs, exec, compose) andcurl, to manage and verify the status of the local development environment and target agents. - [EXTERNAL_DOWNLOADS]: The agent fetches documentation and integration details from
docs.agno.com, the official documentation resource for the Agno framework, which is the platform the skill is designed to manage. - [REMOTE_CODE_EXECUTION]: The workflow requires the agent to modify Python agent files and restart Docker containers, effectively allowing it to manage the code execution lifecycle of agents on the host system.
- [DATA_EXFILTRATION]: The skill accesses project configuration and template files, including
pyproject.toml,app/config.yaml, andexample.env, to extract metadata about agents, their dependencies, and their operating parameters. - [PROMPT_INJECTION]: The skill exhibits an indirect injection surface through the ingestion of user-provided change requests and the processing of external agent code. Ingestion points: User-specified agent modifications; existing agent code files. Boundary markers: Not specified. Capability inventory: File system writes, Docker management, and local network requests. Sanitization: Not specified.
Audit Metadata