mission-control
Fail
Audited by Gen Agent Trust Hub on May 14, 2026
Risk Level: HIGH
COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill generates an autonomous wrapper script that disables security guardrails.
  - Evidence: The template references/templates/autonomous/run-agent.sh executes claude -p --permission-mode bypassPermissions, which bypasses the agent's standard user confirmation requirements for all tool operations.
- [REMOTE_CODE_EXECUTION]: The skill generates and executes several local shell scripts that govern the agent's behavior.
  - Evidence: The setup process in references/setup/autonomous.md and references/setup/human-in-the-loop.md creates multiple executable scripts, including done-check.sh, run-agent.sh, and various validation scripts, that are executed as subprocesses during the agent's work cycle.
- [PROMPT_INJECTION]: The skill uses instructions to override default agent safety and interaction patterns.
  - Evidence: Templates such as references/templates/autonomous/run-agent.sh and references/templates/autonomous/prompts.md contain commands like 'Do not ask whether to continue', 'Stop only when done-check.sh passes', and 'Do not rely on TodoWrite or conversation memory for completion', which are designed to force the agent into an autonomous state and override platform-level safety constraints.
Recommendations
- AI detected serious security threats
Audit Metadata