board
Pass
Audited by Gen Agent Trust Hub on Mar 17, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill documentation describes executing a local Python script using string interpolation: `python {skill_path}/scripts/board_manager.py --post --channel {channel} --author {author} --message "{text}"`. This template is vulnerable to command injection if the `{text}` variable contains shell-sensitive characters like backticks or semicolons.
- [PROMPT_INJECTION]: The skill facilitates reading messages from shared channels, which creates a surface for indirect prompt injection where malicious instructions in a post could influence an agent's subsequent actions.
  - Ingestion points: Reading messages from board channels using the `--read` command in `SKILL.md`.
  - Boundary markers: Absent; the skill does not specify any markers to separate data from instructions or warn the agent about untrusted content.
  - Capability inventory: The skill allows script execution through subprocess calls to `board_manager.py`.
  - Sanitization: No mention of message content sanitization or escaping is provided.