trigger-dev-tasks
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: CRITICAL
Flags: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS (MEDIUM): The skill guides the agent on using 'aptGet' and 'additionalPackages' extensions in 'config.md'. These functions facilitate the installation of arbitrary system packages and NPM packages, which introduces a dependency risk.
- REMOTE_CODE_EXECUTION (MEDIUM): Documentation in 'config.md' for 'pythonExtension' describes methods like 'python.runInline' and 'python.runScript', enabling the execution of Python code within the task environment.
- COMMAND_EXECUTION (LOW): The skill allows the use of the 'Bash' tool and demonstrates build-time commands such as 'chmod +x' in 'config.md'. While appropriate for containerized tasks, these are sensitive operations.
- PROMPT_INJECTION (LOW): The skill is susceptible to indirect prompt injection due to its ingestion of user-controlled code files while possessing high-capability tools.
  1. Ingestion points: 'Read', 'Glob', and 'Grep' tools in 'SKILL.md'.
  2. Boundary markers: Absent.
  3. Capability inventory: 'Bash', 'Write', and Python execution.
  4. Sanitization: Absent.
- Note on Automated Scan (SAFE): The automated alert regarding 'logger.info' is a false positive where a common code method was misidentified as a blacklisted URL.
Recommendations
- Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata