delegation-core

Warn

Audited by Gen Agent Trust Hub on Mar 11, 2026

Risk Level: MEDIUM
Categories: COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The shared-shell-execution.md file defines a CommandBuilder and ExecutionEngine that dynamically construct and execute shell commands for external services (e.g., gemini, qwen). This allows for the execution of CLI tools with parameters derived from runtime context.
  • [DATA_EXFILTRATION]: The core functionality of the skill is to send local data to external LLM services. The shared-shell-execution.md documentation demonstrates command patterns such as gemini -p "@path/to/file ...", which utilizes the tool's ability to read and transmit local file contents to third-party APIs. While the skill's documentation warns against processing sensitive data, the mechanism for wide-scale data exposure to external services is integrated into the framework.
  • [PROMPT_INJECTION]: The skill implements a delegation workflow where the output of external LLMs is integrated back into the primary agent's session. As documented in SKILL.md and handoff-patterns.md, results are integrated into the workflow, creating a surface for indirect prompt injection where malicious instructions embedded in a third-party model's response could influence the behavior of the calling agent.
  • Ingestion points: External LLM results captured via the ExecutionEngine in shared-shell-execution.md and integrated into the local context.
  • Boundary markers: The documentation recommends manual validation of results, but no programmatic boundary markers or "ignore instruction" wrappers are implemented in the execution logic.
  • Capability inventory: The skill includes an ExecutionEngine for shell command execution and supports file-modifying delegations under the isolation: worktree setting noted in SKILL.md.
  • Sanitization: While handoff-patterns.md mentions validating output for format and correctness, no specific sanitization or escaping mechanisms are provided to handle untrusted data from external sources.
  • [EXTERNAL_DOWNLOADS]: The skill relies on external CLI dependencies (e.g., gemini, qwen) that are not included in the skill package itself. The execution of delegation tasks depends on these external tools being present in the environment.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 11, 2026, 10:36 PM