Skills
skills/quickcall-dev/skills/iterative-fleet/Gen Agent Trust Hub

iterative-fleet

Pass

Audited by Gen Agent Trust Hub on May 14, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill implements an indirect prompt injection surface within the generated orchestrator.sh script. The build_iter_prompt function reads feedback from iterations/<N>/review.md (written by a reviewer agent) and appends it verbatim to the builder agent's prompt for the subsequent iteration. If the reviewer is influenced by malicious data in logs or output, those instructions could be executed by the builder in the next cycle.
  • Ingestion points: orchestrator.sh reads feedback from review.md files generated during iterations.
  • Boundary markers: Uses markdown headers (e.g., '# Reviewer Feedback') and horizontal rules (---) to separate feedback.
  • Capability inventory: Workers are granted varying levels of Bash, Edit, Write, and Agent tool access depending on their assigned type (code-run, write, research).
  • Sanitization: None; content from the reviewer's verdict file is appended directly to the prompt.
  • [COMMAND_EXECUTION]: The skill uses launch.sh and worker-spawn.sh to dynamically generate bash scripts (orchestrator.sh and .worker-cmd-*.sh) and executes them via tmux. While the skill includes input validation via validate_fleet_id and validate_safe_id to prevent traditional shell injection, the runtime assembly and execution of code is a sensitive behavior.
Audit Metadata
Risk Level
SAFE
Analyzed
May 14, 2026, 06:03 PM