manage-issue-execute

Pass

Audited by Gen Agent Trust Hub on Apr 17, 2026

Risk Level: SAFE
Tags: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses functions.exec_command to run curl and maestro delegate commands. It properly uses temporary files to store dynamic prompt content before execution, which effectively mitigates the risk of shell injection from untrusted issue data.
  • [DATA_EXFILTRATION]: The skill performs network operations via curl to localhost. This is used to communicate with a local orchestration server for task dispatching and health monitoring.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads issue titles and solution steps from .workflow/issues/issues.jsonl and interpolates them directly into prompts for downstream agents.
      • Ingestion points: .workflow/issues/issues.jsonl (Steps 1 and 4).
      • Boundary markers: None are used to delimit interpolated variables like ${issue.title} or ${solution.steps} within the execPrompt.
      • Capability inventory: Access to Bash (via exec_command for curl and maestro) and Write tools.
      • Sanitization: The skill implements shell-level sanitization via temporary files but does not sanitize or validate the natural language content for instruction overrides targeting the executor agents.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 17, 2026, 01:12 AM