skills/driangle/taskmd/complete-task/Gen Agent Trust Hub

complete-task

Fail

Audited by Gen Agent Trust Hub on Apr 22, 2026

Risk Level: HIGH | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructions directly interpolate the $ARGUMENTS variable into shell commands, specifically taskmd set $ARGUMENTS --status completed --verify. Since $ARGUMENTS contains raw user input, an attacker can inject shell metacharacters (e.g., ;, &&, |) to execute arbitrary commands with the agent's privileges.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it ingests and acts upon content from external task files.
      • Ingestion points: Task content is retrieved using taskmd show <ID> (Step 1 in SKILL.md).
      • Boundary markers: Absent. There are no delimiters or instructions to ignore embedded commands within the task files.
      • Capability inventory: The agent has access to Bash, Read, and Edit tools, which could be abused if the agent obeys malicious instructions found in a task file.
      • Sanitization: None. The skill does not validate or sanitize the contents of the task files before processing them.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Apr 22, 2026, 11:01 PM