phase-task-verification
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- COMMAND_EXECUTION (HIGH): The skill performs shell interpolation of the `{COMMIT_MESSAGE}` parameter in the command `gs branch create ... -m "{COMMIT_MESSAGE}"`. If the message contains characters like `";`, an attacker can break out of the command and execute arbitrary bash scripts.
- PROMPT_INJECTION (HIGH): (Category 8 - Indirect) The skill accepts untrusted data as parameters (RUN_ID, TASK_ID, TASK_NAME, COMMIT_MESSAGE) and uses them in commands with write/execute capabilities. Evidence: 1. Ingestion: Parameters defined in SKILL.md; 2. Boundary markers: Absent; 3. Capability: git and gs command execution; 4. Sanitization: Absent (the error handling section explicitly states 'Do NOT sanitize').
- COMMAND_EXECUTION (MEDIUM): The parameters `{RUN_ID}`, `{TASK_ID}`, and `{TASK_NAME}` are also interpolated into shell commands to form branch names. Their direct use in string-built commands without validation creates additional injection vectors.
Recommendations
- AI detected serious security threats
Audit Metadata