execute-task
Pass
Audited by Gen Agent Trust Hub on Feb 23, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes shell commands to run local utility scripts (read_file.py, run_tests.py) and standard development tools (e.g., npm, pytest) for task implementation and validation.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection through the task_file input, as the instructions explicitly command the agent to 'Trust the task spec' as the 'single source of truth' and avoid searching for external context. Ingestion points: The task_file path provided as an input parameter. Boundary markers: The task specification utilizes markdown sections (e.g., ## Objective, ## Tasks), but the skill lacks instructions to ignore or report potential malicious instructions embedded within these tasks. Capability inventory: The skill can read local files (including .claude/config.yaml), write code to implementation directories, and execute shell commands for testing. Sanitization: No validation or sanitization of the content within the task specification file is performed prior to execution.
Audit Metadata