complete
Warn
Audited by Gen Agent Trust Hub on Jun 16, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a background bash script ('wait-for-ready.sh') to monitor the progress of a secondary agent. This script performs filesystem polling and interacts with the tmux process manager.
- [COMMAND_EXECUTION]: Instructions direct the agent to invoke the builder tool with the '--dangerously-bypass-approvals-and-sandbox' flag. This removes platform safety controls and grants the agent full local access, though the skill is designed to ask for user permission first.
- [PROMPT_INJECTION]: The skill's control loop relies on data generated by an external builder to make orchestration decisions. This creates a surface for indirect prompt injection where the builder's output could potentially influence the orchestrator's logic.