skills/gendosu/agkan-skills/agkan-add/Gen Agent Trust Hub

agkan-add

Pass

Audited by Gen Agent Trust Hub on Apr 8, 2026

Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The workflow directs the agent to run CLI commands including agkan and rm using arguments derived from user input. This includes the task title and body when provided as single-line arguments.
  • [PROMPT_INJECTION]: The skill is exposed to indirect prompt injection, specifically command injection, because user-provided strings are placed directly into shell command templates.
    • Ingestion points: User input fields for task Title and Body are used as shell command arguments.
    • Boundary markers: Absent. There are no instructions for the agent to sanitize or escape shell-sensitive characters in the user input.
    • Capability inventory: The skill uses subprocess execution to run the agkan CLI and performs file system operations such as writing to /tmp and deleting files with rm.
    • Sanitization: The skill correctly recommends using a temporary file and the --file flag for multi-line content to avoid complex shell parsing issues, which serves as a mitigation for those cases, but single-line inputs remain unvalidated.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 8, 2026, 06:42 AM