teamharness-task-execution
Pass
Audited by Gen Agent Trust Hub on Jun 21, 2026
Risk Level: SAFE
Full Analysis
- [INDIRECT_PROMPT_INJECTION]: The skill is designed to ingest and act upon data from external task specifications (
shared/tasks/{task-id}/spec.md). This represents a potential surface for indirect prompt injection where instructions embedded in the task specification could attempt to influence the agent's behavior. - Ingestion points: The agent reads task instructions from
shared/tasks/{task-id}/spec.mdas specified inSKILL.md. - Boundary markers: No explicit boundary markers or instructions to ignore embedded commands are present in the provided file.
- Capability inventory: The agent has access to the
taskflowtool and permission to write files within theworkspace/,progress/, andresult.mdlocations of the task directory. - Sanitization: No sanitization or validation of the input content is mentioned.
- [COMMAND_EXECUTION]: The skill utilizes a structured tool named
taskflowwith predefined JSON schemas (ack_task,submit_task). This is a constrained interaction model that does not involve arbitrary shell execution. - [DATA_EXFILTRATION]: The skill mentions communication with a leader at
matrix.local. This is a local domain commonly used for internal service communication and does not represent an exfiltration risk to an external attacker-controlled domain.
Audit Metadata