message-bus
Pass
Audited by Gen Agent Trust Hub on Apr 6, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The board deliberation protocol in SKILL.md (specifically within the invoke_board_meeting and dispatch_board_directors logic) is vulnerable to indirect prompt injection. Untrusted data from the proposal and inter-agent discussion messages is interpolated directly into director prompts without sanitization or boundary markers. 1. Ingestion points: Proposal content and discussion messages stored in JSONL files. 2. Boundary markers: None identified in the prompt templates. 3. Capability inventory: The skill permits extensive file system operations (read/write/create) and influences the orchestrator's decision-making process. 4. Sanitization: No validation or escaping of external content is performed before interpolation.
- [COMMAND_EXECUTION]: The helper script scripts/monitor-bus.py uses os.system() to clear the terminal screen in watch mode. While the commands used ('cls' or 'clear') are hardcoded and do not pose a direct command injection threat, the use of os.system is a discouraged coding practice for executing shell commands.
Audit Metadata