Skills
skills/anentrypoint/plugforge/process-management/Gen Agent Trust Hub

process-management

Pass

Audited by Gen Agent Trust Hub on Mar 19, 2026

Risk Level: SAFECOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses exec:bash to run system commands. Specifically, it executes pm2 commands with user-provided placeholders <file> and <name>. This creates a command injection vulnerability if these inputs are not sanitized to prevent shell metacharacters (e.g., ;, &&, |) before being passed to the shell.
  • [REMOTE_CODE_EXECUTION]: The skill invokes bun x gm-exec, which fetches and executes a package from a registry at runtime. This introduces a dependency on the availability and integrity of the external gm-exec package.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes process names and file paths that may originate from untrusted external tasks or requirements.
  • Ingestion points: Process names and filenames are passed from the gm-execute phase into the pm2 start command template.
  • Boundary markers: The instructions lack explicit boundary markers or instructions to treat these values as untrusted data.
  • Capability inventory: The skill has the capability to start, stop, delete, and view logs for system processes via pm2.
  • Sanitization: There is no evidence of sanitization or validation of the <file> or <name> parameters within the skill logic.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 19, 2026, 05:59 PM