quality-workflow

Warn

Audited by Gen Agent Trust Hub on Mar 14, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructions explicitly direct the agent to use sudo for repository maintenance and system tasks when elevated privileges are required.
  • [EXTERNAL_DOWNLOADS]: The workflow mandates the installation of multiple global NPM packages (compose-agentsmd, @metyatech/task-tracker, and @metyatech/thread-inbox) to support task management and rule enforcement.
  • [REMOTE_CODE_EXECUTION]: The agent is instructed to run compose-agentsmd, which fetches remote instruction modules from a GitHub repository (github:metyatech/agent-rules) and incorporates them into the agent's active ruleset.
  • [PROMPT_INJECTION]: The rules define a strict 'Session gate' that forces the agent to execute specific commands and refresh its internal operating instructions before responding to any user message, overriding default behavioral constraints.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 14, 2026, 07:25 AM