stuck-crewmate-recovery

Pass

Audited by Gen Agent Trust Hub on Jun 26, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to use a local script bin/fm-send.sh to send keystrokes (e.g., Escape) and one-line corrective text to target windows to resolve process loops.
  • [PROMPT_INJECTION]: The recovery workflow involves appending a "progress so far" note to a task "brief" and relaunching the agent. This creates a surface for indirect prompt injection.
  • Ingestion points: The skill reads process state from state/<id>.meta and generates "progress so far" notes based on the observed state of the crewmate.
  • Boundary markers: There are no instructions to use delimiters or ignore instructions within the appended progress notes.
  • Capability inventory: The agent can execute commands via bin/fm-send.sh, exit processes, and relaunch agents with new instructions.
  • Sanitization: The skill does not describe any sanitization or validation of the progress notes before they are interpolated into the new task brief for the relaunched agent.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 26, 2026, 04:08 AM
Security Audit — agent-trust-hub — stuck-crewmate-recovery