Skills
skills/avifenesh/awesome-slash/discover-tasks/Gen Agent Trust Hub

discover-tasks

Pass

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes authorized command-line tools including gh, glab, and grep to fetch task data and post comments. These operations are aligned with the skill's primary purpose of task discovery and management.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it ingests untrusted data from external sources.
  • Ingestion points: Task titles, bodies, and labels are fetched from remote GitHub and GitLab repositories (SKILL.md).
  • Boundary markers: The skill does not use delimiters or instructions to prevent the agent from obeying commands embedded in the issue text.
  • Capability inventory: The skill has the capability to execute shell commands (Bash) and interact with the user (AskUserQuestion).
  • Sanitization: There is no evidence of sanitization or filtering of the content retrieved from external task sources before it is processed or displayed.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 10, 2026, 03:48 PM