Skills
skills/dutstech/ceoralph/verification-rules/Gen Agent Trust Hub

verification-rules

Pass

Audited by Gen Agent Trust Hub on Apr 2, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill defines verification steps using shell commands like git status and grep that interpolate variables such as {taskId}, {file1}, and {specName}. This pattern is susceptible to command injection if these identifiers are not properly sanitized before being passed to the shell.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes workerOutput and file content to determine completion status. An attacker could craft output that includes the required 'TASK_COMPLETE' signal while embedding malicious instructions.
  • [PROMPT_INJECTION_EVIDENCE]:
  • Ingestion points: The skill reads workerOutput and the contents of ./specs/{specName}/tasks.md.
  • Boundary markers: No delimiters or isolation instructions are present to distinguish between data and instructions.
  • Capability inventory: The skill facilitates shell command execution via git, grep, and npm scripts (lint, test, build).
  • Sanitization: No sanitization or escaping mechanisms are defined for variables interpolated into shell commands.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 2, 2026, 10:36 AM