spawn
Pass
Audited by Gen Agent Trust Hub on Apr 25, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill executes validation commands defined in a manifest file using bash -c. This is a core feature designed to verify task completion on the integration branch and within isolated worktrees.
- [INDIRECT_PROMPT_INJECTION]: The skill processes task manifests which contain natural language fields and command strings that influence subagent behavior.
- Ingestion points: Task manifests (manifest.json) containing task titles, rationales, and validation commands.
- Boundary markers: The skill uses a structured prompt template for child agents with clear section headers to delimit objective, tools, and context.
- Capability inventory: The skill uses Bash tools to execute commands and dispatches subagents to perform parallel work.
- Sanitization: Commands are executed directly from the manifest data; the skill relies on the integrity of the manifest generation process.
Audit Metadata