adhd-productivity
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHCOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION] (HIGH): The skill requests the
BashandWritetools to manage task states and log metrics liketask_completion_streaks. Because it ingests untrusted user data (task names and descriptions) and has execution capabilities, it presents a high risk for Indirect Prompt Injection. If an attacker provides a 'task' containing malicious shell syntax, the agent might inadvertently execute it while attempting to log or track the task. - Ingestion points: User task descriptions, session content, and focus assistance requests in
SKILL.md. - Boundary markers: None present; the skill instructions do not define delimiters to separate user data from system commands.
- Capability inventory:
Bash,Write, andReadtools specified inallowed-tools. - Sanitization: None present; there are no instructions to escape or validate user-provided strings before processing them through system tools.
Recommendations
- AI detected serious security threats
Audit Metadata