agkan-subtask
Pass
Audited by Gen Agent Trust Hub on Apr 8, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes shell commands through tools like
agkan,git, andghto manage task statuses, repository branches, and pull request creation. These are standard operations for the intended workflow. - [DATA_EXFILTRATION]: Includes defensive instructions specifically advising against using
git add -Aorgit add .to prevent the accidental inclusion of sensitive files such as.envorcredentials.*in version control commits. - [PROMPT_INJECTION]: Processes external content from task bodies and metadata using
agkan task get. This creates a surface for indirect prompt injection where malicious instructions embedded in a task could attempt to influence the agent's implementation steps. - Ingestion points: Task content and metadata retrieved via
agkan task get <id> --json. - Boundary markers: The workflow does not define specific delimiters to isolate external task instructions from the agent's system instructions.
- Capability inventory: The agent has capabilities to modify the local filesystem, push to remote repositories, and create pull requests.
- Sanitization: There is no explicit sanitization step for the task body before it is used to guide the implementation phase.
Audit Metadata