teamharness-task-execution

Pass

Audited by Gen Agent Trust Hub on Jun 21, 2026

Risk Level: SAFE
Full Analysis
  • [INDIRECT_PROMPT_INJECTION]: The skill is designed to ingest and act upon data from external task specifications (shared/tasks/{task-id}/spec.md). This represents a potential surface for indirect prompt injection where instructions embedded in the task specification could attempt to influence the agent's behavior.
  • Ingestion points: The agent reads task instructions from shared/tasks/{task-id}/spec.md as specified in SKILL.md.
  • Boundary markers: No explicit boundary markers or instructions to ignore embedded commands are present in the provided file.
  • Capability inventory: The agent has access to the taskflow tool and permission to write files within the workspace/, progress/, and result.md locations of the task directory.
  • Sanitization: No sanitization or validation of the input content is mentioned.
  • [COMMAND_EXECUTION]: The skill utilizes a structured tool named taskflow with predefined JSON schemas (ack_task, submit_task). This is a constrained interaction model that does not involve arbitrary shell execution.
  • [DATA_EXFILTRATION]: The skill mentions communication with a leader at matrix.local. This is a local domain commonly used for internal service communication and does not represent an exfiltration risk to an external attacker-controlled domain.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 21, 2026, 02:31 AM
Security Audit — agent-trust-hub — teamharness-task-execution