secondmate-provisioning
Pass
Audited by Gen Agent Trust Hub on Jul 1, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: Provides instructions in `SKILL.md` for executing local vendor-specific shell scripts (e.g., `bin/fm-brief.sh`, `bin/fm-home-seed.sh`, `bin/fm-spawn.sh`) to provision and manage the lifecycle of 'secondmate' agents.
- [PROMPT_INJECTION]: Implements a workflow for moving task items from the main backlog to sub-agents, creating an attack surface for indirect prompt injection.
  - Ingestion points: Reads and moves items from `data/backlog.md` into secondmate home directories as described in `SKILL.md`.
  - Boundary markers: Uses section headers and `scope` fields to organize data, but does not provide explicit guards against embedded instructions in the items.
  - Capability inventory: Ability to execute shell scripts in `bin/`, perform file-system operations, and spawn persistent tmux processes (referenced in `SKILL.md`).
  - Sanitization: No content sanitization or validation process for the backlog items is mentioned.
Audit Metadata