managed-agent
Pass
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill facilitates the execution of shell commands both locally through the Bash tool and within the remote Anthropic cloud environment as part of its core functionality.
- [EXTERNAL_DOWNLOADS]: Provisions remote environments with software packages from public registries and connects to external MCP servers via URL, which is consistent with the management of a well-known technology service.
- [PROMPT_INJECTION]: As the skill processes user-supplied messages and transcript data from remote agents, it possesses an indirect prompt injection surface.
- Ingestion points: The message parameter in managed_agent_prompt and the raw transcript output from managed_agent_events (SKILL.md).
- Boundary markers: No explicit instructions for delimiters or escaping are provided in the skill instructions.
- Capability inventory: Access to local Bash and control over remote cloud agent lifecycles via the managed_agent_* toolset.
- Sanitization: No specific sanitization or validation of external content from the message or event logs is mentioned.
Audit Metadata