dispatch
Warn
Audited by Gen Agent Trust Hub on Jun 17, 2026
Risk Level: MEDIUMCOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill defines a workflow to launch new agent instances via a shell command:
tmux new-window -n "$TITLE" "AGENT_MAILBOX_DIR='$ROOT' AGENT_MAILBOX_ID='$child_id' $AGENT \"$PROMPT\"". This represents a dynamic execution surface where the shell command is assembled at runtime using variable interpolation. - [COMMAND_EXECUTION]: The variables
$TITLEand$PROMPTare derived from untrusted sources, including the operator's conversation and the current focus context. The lack of explicit instructions to sanitize or escape these variables creates a significant risk of command injection. An attacker or malicious input could use shell metacharacters (e.g.,;,|,$(...)) to break out of the intended command string and execute arbitrary code in the host shell environment. - [COMMAND_EXECUTION]: Analysis of indirect injection surface (Category 8 rules):
- Ingestion points: Operator's request ("dispatch to ", "dispatch this to a new agent") and the focus context used for the kebab-case slug (file: SKILL.md).
- Boundary markers: None present in the tmux command template or the opencode prompt example.
- Capability inventory: Shell process spawning via
tmuxand the$AGENTCLI (file: SKILL.md). - Sanitization: Absent; the instructions do not describe any escaping, validation, or filtering logic for the input variables before they are interpolated into the executable command string.
Audit Metadata