code-execution
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFE (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill executes shell commands using bash and grep to manage task lifecycles and perform quality checks.
  - The script .opencode/skills/task-management/router.sh is called with arguments {feature}, {seq}, and {summary} which are derived from task metadata.
  - Shell commands are used to scan for hardcoded secrets in the implemented deliverables using grep.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes task definitions from external JSON files.
  - Ingestion points: The skill reads subtask configurations from .tmp/tasks/{feature}/subtask_{seq}.json.
  - Boundary markers: None. The agent is instructed to follow acceptance criteria from the JSON content without safety delimiters.
  - Capability inventory: The agent has the ability to read and write arbitrary files in the repository and execute local shell scripts.
  - Sanitization: None. Data from the JSON file is used to drive the agent's logic and is interpolated into shell commands.