starting-the-task
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes various command-line utilities to manage the software development lifecycle, including 'git' for version control, 'cargo' for testing Rust code, and 'gh' (GitHub CLI) for PR management. It also references a vendor-specific task manager 'bd' and a local helper script 'scripts/pr-draft.sh'. These tools are appropriate for the skill's stated purpose of starting a task.
- [PROMPT_INJECTION]: The skill contains an indirect prompt injection surface as it instructs the agent to read and process instructions from an external task tracker ('bd').
  - Ingestion points: Task descriptions and linked documents retrieved via the 'bd' tool.
  - Boundary markers: Absent; the agent is instructed to read content end-to-end without specific delimiters or instructions to ignore embedded commands.
  - Capability inventory: The agent has permissions to execute shell commands, modify the local repository, and interact with remote GitHub repositories.
  - Sanitization: No explicit sanitization or validation logic is defined for data interpolated into command arguments (e.g., PR titles or body text).
Audit Metadata