amq-spec
Pass
Audited by Gen Agent Trust Hub on May 11, 2026
Risk Level: SAFE PROMPT_INJECTION COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill uses a multi-agent protocol that is inherently susceptible to indirect prompt injection. Agents are instructed to read and act on content received from a partner agent without specific sanitization or trust boundaries.
  - Ingestion points: Inter-agent messages are ingested via `amq thread --include-body` and `amq drain --include-body` (described in `SKILL.md` and `references/spec-workflow.md`).
  - Boundary markers: The instructions do not specify the use of delimiters or 'ignore' warnings for content received from the partner agent.
  - Capability inventory: Agents can execute shell commands via the `amq` CLI tool and have broad file system access during the parallel research phase.
  - Sanitization: There are no provisions for sanitizing or escaping the data exchanged between agents before it is processed.
- [COMMAND_EXECUTION]: The skill provides shell command templates that interpolate untrusted variable content (e.g., `<findings>`, `<problem>`, `<topic>`) directly into command arguments. This pattern could lead to command injection if the agent does not correctly escape shell metacharacters when executing these instructions.