parallel-execution
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a local shell script located at
.opencode/skills/task-management/router.sh. This script is used to parse task dependencies and check the status of parallel operations. This is standard functionality for the skill's workflow management. - [PROMPT_INJECTION]: The skill presents a surface for indirect prompt injection by reading task instructions from JSON files (e.g.,
.tmp/tasks/feature/subtask_01.json) and passing them to subagents. - Ingestion points: Task definitions are read from the
.tmp/tasks/directory and.opencode/agent/subagents/files. - Boundary markers: No specific boundary markers or 'ignore embedded instructions' warnings are utilized when passing content to the
CoderAgent. - Capability inventory: The skill can invoke multiple subagents via the
task()call and execute local shell commands viabash. - Sanitization: There is no evidence of sanitization or structural validation performed on the content of the task JSON files before they are processed by the agent.
Audit Metadata