stuck-crewmate-recovery
Pass
Audited by Gen Agent Trust Hub on Jun 26, 2026
Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to use a local script `bin/fm-send.sh` to send keystrokes (e.g., `Escape`) and one-line corrective text to target windows to resolve process loops.
- [PROMPT_INJECTION]: The recovery workflow involves appending a "progress so far" note to a task "brief" and relaunching the agent. This creates a surface for indirect prompt injection.
  - Ingestion points: The skill reads process state from `state/<id>.meta` and generates "progress so far" notes based on the observed state of the crewmate.
  - Boundary markers: There are no instructions to use delimiters or ignore instructions within the appended progress notes.
  - Capability inventory: The agent can execute commands via `bin/fm-send.sh`, exit processes, and relaunch agents with new instructions.
  - Sanitization: The skill does not describe any sanitization or validation of the progress notes before they are interpolated into the new task brief for the relaunched agent.