skills/driangle/taskmd/do-task/Gen Agent Trust Hub

do-task

Pass

Audited by Gen Agent Trust Hub on Mar 9, 2026

Risk Level: SAFE | PROMPT_INJECTION | COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it reads external task files and follows their instructions using system tools.
      • Ingestion points: Task files retrieved using the Read tool.
      • Boundary markers: None present to separate task data from agent instructions.
      • Capability inventory: High-privilege tools including Bash, Write, Edit, and EnterPlanMode.
      • Sanitization: No content validation or filtering is implemented.
  • [COMMAND_EXECUTION]: The skill executes taskmd get $ARGUMENTS in a shell environment. Direct interpolation of user input into this command string allows for potential command injection if the input contains shell metacharacters.
  • [COMMAND_EXECUTION]: Uses the Bash tool to implement task logic defined in external files, inheriting risks from the source data.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 9, 2026, 01:34 PM