Task Orchestrator Hooks Builder
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMCOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION] (MEDIUM): SQL Injection vulnerability in
flow-aware-gate.sh. The script constructs a SQLite query by interpolating the$FEATURE_IDvariable directly into a command string. This variable is sourced from tool input (.tool_input.id) viajqwithout any sanitization or parameterization. Evidence:sqlite3 "$DB_PATH" "SELECT tags FROM Features WHERE id='$FEATURE_ID'"inflow-aware-gate.sh. - [COMMAND_EXECUTION] (LOW): The script
flow-aware-gate.shperforms local command execution by running./gradlew testandtrivy fs .. While these actions are consistent with the skill's purpose as a quality gate, they execute code found in the project directory based on the result of the vulnerable SQL query. - [DATA_EXFILTRATION] (SAFE): The scripts
cascade-logger.shandcascade-auto-progress.shwrite audit logs to the local directory.claude/metrics/. This records workflow metadata and cascade events locally but does not attempt to send this data to external network destinations.
Audit Metadata