skills/fuzzyfox/skills/dispatch/Gen Agent Trust Hub

dispatch

Warn

Audited by Gen Agent Trust Hub on Jun 17, 2026

Risk Level: MEDIUMCOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill defines a workflow to launch new agent instances via a shell command: tmux new-window -n "$TITLE" "AGENT_MAILBOX_DIR='$ROOT' AGENT_MAILBOX_ID='$child_id' $AGENT \"$PROMPT\"". This represents a dynamic execution surface where the shell command is assembled at runtime using variable interpolation.
  • [COMMAND_EXECUTION]: The variables $TITLE and $PROMPT are derived from untrusted sources, including the operator's conversation and the current focus context. The lack of explicit instructions to sanitize or escape these variables creates a significant risk of command injection. An attacker or malicious input could use shell metacharacters (e.g., ;, |, $(...)) to break out of the intended command string and execute arbitrary code in the host shell environment.
  • [COMMAND_EXECUTION]: Analysis of indirect injection surface (Category 8 rules):
  • Ingestion points: Operator's request ("dispatch to ", "dispatch this to a new agent") and the focus context used for the kebab-case slug (file: SKILL.md).
  • Boundary markers: None present in the tmux command template or the opencode prompt example.
  • Capability inventory: Shell process spawning via tmux and the $AGENT CLI (file: SKILL.md).
  • Sanitization: Absent; the instructions do not describe any escaping, validation, or filtering logic for the input variables before they are interpolated into the executable command string.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 17, 2026, 10:11 AM
Security Audit — agent-trust-hub — dispatch