ats
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill processes task data (titles, descriptions, messages) from the Agent Task Service backend, which creates a surface for indirect prompt injection where instructions embedded in task content could influence agent behavior.\n
- Ingestion points: Task data is retrieved in
index.jsvia thelist,get,watch, andmessage listcommands.\n - Boundary markers: Output from the CLI is presented to the agent without explicit delimiters or instructions to ignore embedded commands.\n
- Capability inventory: The skill performs network operations (HTTP/WebSocket) and writes to local configuration files (
~/.ats/config).\n - Sanitization: Content received from the remote server is printed to the console without sanitization or validation of the text content.\n- [EXTERNAL_DOWNLOADS]: The skill facilitates communication with the vendor's backend and installation of official packages.\n
- The skill communicates with the Agent Task Service backend at
https://ats.difflab.aivia HTTPS and WebSockets for task management and real-time event monitoring.\n - Documentation recommends the installation of the vendor's
@difflabai/ats-clipackage from the NPM registry.
Audit Metadata