skill-status-sync

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • COMMAND_EXECUTION (MEDIUM): The skill constructs shell commands by interpolating variables like {task_number} and {artifact_path} directly into the Bash tool calls. This pattern is susceptible to command injection if an attacker can influence these parameters to include shell metacharacters (e.g., semicolons or backticks).
  • PROMPT_INJECTION (LOW): The skill is vulnerable to indirect prompt injection due to its interaction with external project files.
      • Ingestion points: Reads from specs/state.json and specs/TODO.md to validate task status and check for existing links.
      • Boundary markers: None; there are no delimiters or instructions to ignore embedded commands in the processed data.
      • Capability inventory: Provides the ability to execute arbitrary shell commands via Bash and modify the filesystem via Edit.
      • Sanitization: While the skill uses jq --arg to safely pass data into the jq utility, the outer shell command itself remains unsanitized, leaving the interpolation step vulnerable to breakout attacks.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Feb 17, 2026, 06:27 PM