taskcluster
Pass
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [Command Execution] (LOW): The skill is designed to run shell commands via the taskcluster CLI and a local tc.py script. This is the primary function for managing CI tasks but provides a mechanism that could be abused if the agent is tricked into running unintended commands.
- [External Downloads] (SAFE): The skill instructions include downloading actions.json metadata from Mozilla's services using curl. Since these are trusted Mozilla domains, this is classified as safe per the trust-scope rule.
- [Indirect Prompt Injection] (LOW): The skill processes external data such as Task IDs and URLs which could be used as a vector for parameter injection into CLI commands.
- Ingestion points: Task IDs and Taskcluster URLs processed by tc.py (SKILL.md).
- Boundary markers: No explicit delimiters or validation warnings are present in the documentation to separate untrusted input from the command structure.
- Capability inventory: The skill possesses the ability to query, retrigger, and cancel tasks, as well as manage worker pools (references/worker-pools.md).
- Sanitization: Sanitization logic is likely handled within the tc.py wrapper script, which was not provided for this analysis.
Audit Metadata