
cy-execute-task

Pass

Audited by Gen Agent Trust Hub on Apr 15, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by ingesting and strictly following instructions from external task specification and PRD files.
  • Ingestion points: The skill reads the "provided task specification" and PRD documents in SKILL.md (Step 1).
  • Boundary markers: There are no explicit markers or instructions to isolate untrusted data or warn the agent about embedded instructions.
  • Capability inventory: The agent has the capability to run shell commands and modify files in SKILL.md (Steps 3, 4, and 6).
  • Sanitization: No sanitization or validation of the input document content is performed before processing.
  • [COMMAND_EXECUTION]: The workflow includes a capability that executes commands derived from untrusted input.
  • Evidence: Step 4 in SKILL.md explicitly instructs the agent to "Run every test and validation command listed in the task specification." This creates a direct path for executing arbitrary shell commands if they are embedded in the task specification file.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 15, 2026, 12:15 AM