complete-task
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the
Bashtool to run commands where the$ARGUMENTSvariable is directly interpolated. This allows for command injection if a user provides a task ID containing shell control characters. Additionally, the same variable is used to construct file paths for reading and editing, which may be vulnerable to path traversal attacks (e.g., using../in the task ID). - [PROMPT_INJECTION]: The skill processes content from configuration and worklog files without validation, creating an indirect prompt injection surface.
- Ingestion points:
.taskmd.yamland worklog markdown files (e.g.,tasks/.worklogs/<ID>.md). - Boundary markers: None; there are no instructions to ignore or sanitize instructions found within these files.
- Capability inventory: The skill can execute shell commands via
Bash, and read or edit files usingReadandEdittools. - Sanitization: The skill does not validate the
$ARGUMENTSvariable or the content of the files it processes before using them in sensitive operations.
Audit Metadata