Skills
skills/driangle/taskmd/split-task/Gen Agent Trust Hub

split-task

Fail

Audited by Gen Agent Trust Hub on Mar 7, 2026

Risk Level: HIGHCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to execute shell commands using the Bash tool, specifically taskmd get $ARGUMENTS. Since $ARGUMENTS contains direct user input that is not sanitized or quoted, an attacker can perform command injection by providing input like 077; malicious_command. This allows the execution of arbitrary code on the underlying system.\n- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it reads and processes external task files.\n
  • Ingestion points: The agent uses the Read tool to ingest content from files matching tasks/**/*.md.\n
  • Boundary markers: There are no boundary markers or instructions to ignore embedded commands within the read files.\n
  • Capability inventory: The agent has access to high-privilege tools including Bash (command execution) and Write (file system modification).\n
  • Sanitization: There is no evidence of sanitization or validation performed on the content of the task files before processing.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Mar 7, 2026, 07:36 PM