Skills
skills/benbrastmckie/nvim/skill-team-research/Gen Agent Trust Hub

skill-team-research

Warn

Audited by Gen Agent Trust Hub on Apr 27, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: Unsafe shell interpolation in jq filters. In Stage 2 and Stage 10, the variable $task_number is interpolated directly into the jq filter string using single quotes (e.g., '(.active_projects[] | select(.project_number == '$task_number'))'). While Stage 1 attempts validation, the use of shell interpolation instead of jq's --argjson utility creates a logic injection risk where a crafted task number could manipulate the JSON transformation.
  • [PROMPT_INJECTION]: Indirect prompt injection surface. The skill interpolates untrusted data from the description (retrieved from state.json) and the user-supplied focus_prompt directly into the prompts generated for teammate agents in Stage 5.
  • Ingestion points: description field from specs/state.json and focus_prompt input parameter.
  • Boundary markers: Absent. The data is interpolated directly (e.g., Research task {task_number}: {description}) without delimiters or instructions to ignore embedded commands.
  • Capability inventory: The skill uses Bash, Edit, Write, and Read. Spawned teammates have access to WebSearch, WebFetch, Read, Grep, and Glob tools.
  • Sanitization: No validation or escaping is performed on the description or focus_prompt before they are sent to the teammate agents.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Apr 27, 2026, 12:36 AM