code-execution

Pass

Audited by Gen Agent Trust Hub on Mar 5, 2026

Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: Indirect prompt injection surface detected through the processing of untrusted subtask data.
      • Ingestion points: The skill reads task metadata, acceptance criteria, and deliverables from .tmp/tasks/{feature}/subtask_{seq}.json.
      • Boundary markers: Absent. There are no explicit delimiters or 'ignore instructions' warnings used when interpolating these fields into the agent's context.
      • Capability inventory: The skill has permissions to create or modify files in the repository and execute local shell scripts.
      • Sanitization: Absent. The content of the subtask JSON is used directly to guide code implementation without filtering.
  • [COMMAND_EXECUTION]: The skill executes a local bash script located at .opencode/skills/task-management/router.sh to manage task state. This is a functional requirement for the agent's orchestration framework and utilizes local project resources.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 5, 2026, 12:50 PM