coordinator
Pass
Audited by Gen Agent Trust Hub on Apr 6, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill demonstrates a surface for indirect prompt injection. 1. Ingestion points: The coordinator is instructed to read external markdown files like plans and specs from the project to create prompts for sub-agents in SKILL.md. 2. Boundary markers: Absent; no delimiters or instructions to ignore embedded commands are specified for the interpolated content. 3. Capability inventory: The skill uses the Bash tool to execute workmux commands, including workmux run for arbitrary shell execution across worktrees. 4. Sanitization: Absent; ingested content is written directly into prompt files via shell heredocs.
- [COMMAND_EXECUTION]: The skill relies on the Bash tool to interact with the workmux CLI for agent orchestration. It utilizes commands such as workmux run, which allows for the execution of arbitrary shell commands in the context of managed sub-agents, representing a significant capability for environment manipulation.
Audit Metadata