skills/driangle/taskmd/get-task/Gen Agent Trust Hub

get-task

Fail

Audited by Gen Agent Trust Hub on Feb 25, 2026

Risk Level: HIGH, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to execute taskmd get $ARGUMENTS where $ARGUMENTS is the raw user query. This is a command injection vulnerability because shell metacharacters (e.g., ;, &&, $()) in the user input are not escaped or sanitized, allowing an attacker to execute arbitrary system commands.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection.
      1. Ingestion points: The Read tool is used to load task file contents into the agent's context.
      2. Boundary markers: There are no delimiters or instructions to ignore embedded commands within the ingested task files.
      3. Capability inventory: The agent has access to the Bash tool, which can be exploited by malicious instructions hidden in a task file.
      4. Sanitization: There is no evidence of validation or filtering for the content read from the task files.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 25, 2026, 05:36 PM