subagent-coordinator
Pass
Audited by Gen Agent Trust Hub on Apr 16, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to build and execute shell commands using user-provided task prompts as command-line arguments (e.g., bun src/index.ts subagent run "task-1" "промпт задачи 1"). This pattern allows for command injection if the task descriptions contain shell metacharacters like semicolons, backticks, or redirection operators.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes external task descriptions and integrates them into active command execution without sanitization.
- Ingestion points: Task prompts are accepted from user input and passed to the bun runtime in the shell scripts described in SKILL.md.
- Boundary markers: Absent. The task input is interpolated directly into the bash command string without delimiters or instructions for the agent to ignore embedded commands.
- Capability inventory: The skill utilizes shell execution (bash), background process management (&), file system operations (ls, tee, wc), and the claudeclaw progress tool.
- Sanitization: Absent. There is no evidence of validation, escaping, or filtering of the user-provided strings before they are executed as part of a command line.
Audit Metadata