Scan Report
5 /100
sub-agent-factory
Rapidly spawn and configure specialized sub-agents with templates for Research, Coding, and Analysis agents
A straightforward agent workspace factory that creates directories and generates per-agent SKILL.md files with no malicious behavior detected.
Safe to install
No action needed. The skill is a simple workspace generator with clear, scoped functionality.
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | NONE | WRITE | ✓ Aligned | scripts/create_agent.sh:12 - mkdir -p creates agent subdirectories; scripts/crea… |
| Shell | READ | WRITE | ✓ Aligned | scripts/create_agent.sh:1 - shebang #!/usr/bin/env bash, script is invoked via s… |
| Network | NONE | NONE | — | No network calls found in any file |
| Environment | NONE | NONE | — | No environment variable access found |
| credential | NONE | NONE | — | No credential access or exfiltration |
| Clipboard | NONE | NONE | — | No clipboard access |
| Browser | NONE | NONE | — | No browser interaction |
| Database | NONE | NONE | — | No database access |
File Tree
3 files · 1.3 KB · 51 lines Markdown 1f · 26L
Shell 1f · 20L
JSON 1f · 5L
├─
▾
scripts
│ └─
create_agent.sh
Shell
├─
_meta.json
JSON
└─
SKILL.md
Markdown
Security Positives
✓ No external network requests or IP communications
✓ No credential harvesting or environment variable iteration
✓ No obfuscation techniques (base64, eval, etc.)
✓ No sensitive path access (~/.ssh, ~/.aws, .env)
✓ No remote script execution (curl|bash, wget|sh)
✓ No supply chain risk — no dependencies declared
✓ Script is idempotent (mkdir -p) and scoped to a single agents/ directory
✓ Output is controlled via parameterized heredoc with no injection risk (variables are used as metadata in a heredoc, not executed)