agent-lifecycle-manager
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill executes shell commands including
npm,uv, andgitto perform lifecycle tasks such as building, testing, and installing agent packages. These commands are executed locally within the repository environment. - [EXTERNAL_DOWNLOADS]: The 'Discover' lifecycle stage delegates research to tools that may fetch information from external web sources to verify platform behavior and research agent patterns. This is a functional requirement for agent discovery.
- [DATA_EXPOSURE]: The skill accesses local agent configuration files (e.g.,
agent.json,claude-code.md,codex.toml) to ensure contract alignment and detect configuration drift across different platform surfaces. - [INDIRECT_PROMPT_INJECTION]: The skill processes data from external research and user prompts. It mitigates injection risks by enforcing a separate research handoff phase (Phase 2) before agent authoring begins (Phase 3), ensuring a human or supervisor review of research inputs.
Audit Metadata