dag-executor

Pass

Audited by Gen Agent Trust Hub on Feb 19, 2026

Risk Level: SAFE PROMPT_INJECTION COMMAND_EXECUTION
Full Analysis
  • [Prompt Injection] (LOW): The skill presents an indirect prompt injection surface (Category 8) by using natural language user tasks to drive agent orchestration.
    • Ingestion points: User-provided natural language tasks (e.g., 'Build me a landing page').
    • Boundary markers: Absent; the skill does not use delimiters or instructions to help sub-agents distinguish between system instructions and untrusted task data.
    • Capability inventory: Includes Bash for running local scripts and the Task tool for spawning recursive agents with Write and Edit permissions.
    • Sanitization: Absent; the skill processes tasks through a decomposer and passes them directly to sub-agents without validation or escaping.
  • [Command Execution] (SAFE): The skill uses the Bash tool to execute a local TypeScript file (src/dag/demos/decompose-and-execute.ts) via npx tsx. This is the intended behavior for task decomposition and does not involve downloading or executing remote code from untrusted sources.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 19, 2026, 08:37 PM