trellis-channel

Pass

Audited by Gen Agent Trust Hub on Jun 23, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill is designed around the execution of the trellis CLI tool. It defines numerous subcommands including create, spawn, send, wait, interrupt, and run to manage the lifecycle and communication of local AI workers.
  • [EXTERNAL_DOWNLOADS]: The documentation references the installation of the @mindfoldhq/trellis package from the npm registry. This is a legitimate dependency provided by the skill's author for the purpose of using the collaboration framework.
  • [DATA_EXPOSURE]: The skill facilitates sharing project files with AI workers through flags like --file and --context-file. The documentation explicitly mentions a 'Path-traversal jail' that restricts context loading to the specified working directory, which is a standard security control for this type of functionality.
  • [INDIRECT_PROMPT_INJECTION]: As a multi-agent collaboration tool, the skill naturally processes inputs from external sources (other agents' messages and project files). While this creates an attack surface for indirect prompt injection, it is an inherent characteristic of the tool's primary purpose, and the skill implements structured blocks (e.g., # CONTEXT FILES) to help delimit untrusted data from instructions.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 23, 2026, 06:16 PM
Security Audit — agent-trust-hub — trellis-channel