skills/gendosu/agkan-skills/agkan-run/Gen Agent Trust Hub

agkan-run

Pass

Audited by Gen Agent Trust Hub on Apr 8, 2026

Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill relies heavily on executing shell commands via git, gh (GitHub CLI), and agkan (a task management CLI). These commands are necessary for its stated purpose of automating the development lifecycle (branching, task tracking, and pull request creation).
  • [DATA_EXPOSURE_AND_EXFILTRATION]: The skill demonstrates security awareness by explicitly instructing the agent to avoid 'git add -A' and 'git add .', citing the risk of accidentally committing sensitive files like .env or credentials.
  • [INDIRECT_PROMPT_INJECTION]: The skill retrieves task titles and bodies from the external 'agkan' system and interpolates them into a sub-agent's prompt.
      • Ingestion points: External task data retrieved via agkan task list and agkan task get.
      • Boundary markers: The sub-agent prompt uses Markdown headers (e.g., ## Task Information) and triple quotes to delimit external content.
      • Capability inventory: The agent has capabilities for file system modification (implementation), shell command execution (git/gh), and network access (push/pull).
      • Sanitization: No explicit sanitization or escaping of task body content is mentioned before interpolation. This represents a standard surface for indirect prompt injection where a malicious task description could attempt to influence the agent's logic, though it is a low-risk architectural factor for this use case.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 8, 2026, 06:43 AM