trellis-channel
Pass
Audited by Gen Agent Trust Hub on Jun 23, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill is designed around the execution of the
trellisCLI tool. It defines numerous subcommands includingcreate,spawn,send,wait,interrupt, andrunto manage the lifecycle and communication of local AI workers. - [EXTERNAL_DOWNLOADS]: The documentation references the installation of the
@mindfoldhq/trellispackage from the npm registry. This is a legitimate dependency provided by the skill's author for the purpose of using the collaboration framework. - [DATA_EXPOSURE]: The skill facilitates sharing project files with AI workers through flags like
--fileand--context-file. The documentation explicitly mentions a 'Path-traversal jail' that restricts context loading to the specified working directory, which is a standard security control for this type of functionality. - [INDIRECT_PROMPT_INJECTION]: As a multi-agent collaboration tool, the skill naturally processes inputs from external sources (other agents' messages and project files). While this creates an attack surface for indirect prompt injection, it is an inherent characteristic of the tool's primary purpose, and the skill implements structured blocks (e.g.,
# CONTEXT FILES) to help delimit untrusted data from instructions.
Audit Metadata