ac-task-executor
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- PROMPT_INJECTION (LOW): The skill is susceptible to Indirect Prompt Injection (Category 8).
  - Ingestion points: Task descriptions and feature metadata loaded from a queue via `execute_queue` or `execute_feature`.
  - Boundary markers: None found. There are no explicit delimiters or instructions to ignore embedded commands within the feature tasks.
  - Capability inventory: The lifecycle includes `IMPLEMENT` (writing code), `VALIDATE` (running tests/validation), and `COMMIT` (Git operations), which provide a significant capability surface for an attacker providing a malicious task.
  - Sanitization: No evidence of input validation or content sanitization for the task data is mentioned in the documentation.
- COMMAND_EXECUTION (LOW): The skill performs dynamic code generation and execution (Category 10).
  - The documentation explicitly describes a workflow where the agent writes code to pass tests and then executes those tests. This implies runtime execution of generated or modified scripts.
  - Severity is downgraded to LOW as this is the primary stated purpose of an 'autonomous coding' skill, although the underlying script `scripts/task_executor.py` was not provided to verify the presence of sandboxing or safety controls.
Audit Metadata