dida365
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: Potential for indirect prompt injection through task metadata processing.
  - Ingestion points: User-provided task titles, notes, and project names enter the agent context via conversational prompts and are interpolated into shell commands.
  - Boundary markers: Absent. There are no explicit markers or instructions to treat user data as untrusted text rather than potential command components.
  - Capability inventory: The skill allows the execution of the local tt.py script with variable arguments via a shell interface.
  - Sanitization: Partial. The SKILL.md file contains a behavioral rule instructing the agent to quote titles and notes containing spaces, which provides minimal protection against command injection but does not handle advanced escaping.
- [COMMAND_EXECUTION]: The skill operates by executing a local Python script (tt.py) through the command line to perform API operations.
Audit Metadata