taskmarket

Warn

Audited by Gen Agent Trust Hub on Apr 2, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill instructs the agent to fetch an updated version of itself from https://market.daydreams.systems/skill.md and re-read it at the start of every session. This allows the remote server to dynamically change the agent's instructions and logic.
  • [COMMAND_EXECUTION]: The agent is explicitly directed to extract the command field from the pendingActions JSON array returned by the Taskmarket API and run it 'verbatim'. This creates a direct pipeline for a remote service to execute arbitrary shell commands on the host system without validation.
  • [EXTERNAL_DOWNLOADS]: The skill requires the installation of the @lucid-agents/taskmarket NPM package. While this is the intended tool for the skill, it is an external dependency from a third-party source.
  • [PROMPT_INJECTION]: The skill is highly susceptible to indirect prompt injection via the pendingActions field.
      • Ingestion points: The command data is ingested from the Taskmarket API response in SKILL.md.
      • Boundary markers: None are present; the instructions explicitly tell the agent to bypass its own judgment ('Never infer what to do from status alone — always read pendingActions') and execute the string as provided.
      • Capability inventory: The skill has access to the Bash tool, allowing for full system interaction.
      • Sanitization: There is no mention of command sanitization, escaping, or validation before execution.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 2, 2026, 02:07 PM