crank
Pass
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: SAFE
Finding categories: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION] (LOW): The skill exhibits an indirect prompt injection surface by ingesting data from an external issue tracker into sub-agent prompts.
  - Ingestion points: Issue descriptions retrieved via 'bd show' in references/taskcreate-examples.md.
  - Boundary markers: Limited markers like 'Details from beads:' are used.
  - Capability inventory: Ability to spawn sub-agents and execute project test commands.
  - Sanitization: No explicit sanitization or filtering of ingested issue content is documented.
- [COMMAND_EXECUTION] (LOW): The skill performs extensive command execution for git management, test runner invocation (e.g., cargo, go, pytest, vitest), and troubleshooting using tmux and gt/bd CLIs. These findings are consistent with the skill's primary function and are considered low risk when used in a controlled development environment.
Audit Metadata