secondmate-provisioning

Pass

Audited by Gen Agent Trust Hub on Jul 1, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: Provides instructions in SKILL.md for executing local vendor-specific shell scripts (e.g., bin/fm-brief.sh, bin/fm-home-seed.sh, bin/fm-spawn.sh) to provision and manage the lifecycle of 'secondmate' agents.
  • [PROMPT_INJECTION]: Implements a workflow for moving task items from the main backlog to sub-agents, creating an attack surface for indirect prompt injection.
  • Ingestion points: Reads and moves items from data/backlog.md into secondmate home directories as described in SKILL.md.
  • Boundary markers: Uses section headers and scope fields to organize data, but does not provide explicit guards against embedded instructions in the items.
  • Capability inventory: Ability to execute shell scripts in bin/, perform file-system operations, and spawn persistent tmux processes (referenced in SKILL.md).
  • Sanitization: No content sanitization or validation process for the backlog items is mentioned.
Audit Metadata
Risk Level: SAFE
Analyzed: Jul 1, 2026, 05:49 AM
Security Audit — agent-trust-hub — secondmate-provisioning