subagents-management
Pass
Audited by Gen Agent Trust Hub on May 4, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes several helper scripts (
create_subagent.py,delete_subagent.py,list_subagents.py,move_subagent.py) to perform filesystem operations. These scripts are used to manage files in standardized configuration paths such as~/.claude/agents/and.claude/agents/. - [DATA_EXPOSURE]: The skill interacts with sensitive configuration directories that store agent instructions and system prompts. This access is restricted to the intended purpose of managing subagent definitions.
- [INDIRECT_PROMPT_INJECTION]: The skill provides a mechanism to create persistent subagent definitions which include system prompts, creating a surface for potential instruction injection if the input is untrusted.
- Ingestion points:
scripts/create_subagent.pyaccepts a--promptargument used to populate the system prompt of a new subagent. - Boundary markers: No boundary markers or 'ignore embedded instructions' warnings are present in the generated files.
- Capability inventory: The skill possesses capabilities for file creation (
create_subagent.py), file deletion (delete_subagent.py), and file movement (move_subagent.py). - Sanitization: The
create_subagent.pyscript validates the subagent name for alphanumeric characters but does not sanitize or escape the content of the system prompt.
Audit Metadata