parallel
Pass
Audited by Gen Agent Trust Hub on Apr 4, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes local Python scripts and shell commands to manage development tasks and orchestrate sub-agents. It invokes scripts located in the
.trellis/scripts/directory, includingget_context.py,plan.py,start.py, andtask.py, to manage task directories and agent states.\n- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface. It ingests user-supplied feature requirements and descriptions, which are سپس interpolated into shell commands (e.g., in theplan.pycall) and used to generate project documentation (prd.md) that guides the behavior of downstream agents.\n - Ingestion points: User-provided feature requirements and module involvements are captured via the agent's interaction flow as described in
SKILL.md.\n - Boundary markers: Requirements are enclosed in double quotes when passed as command-line arguments and written to files using heredocs, providing basic delimiters but not a robust security boundary against adversarial content.\n
- Capability inventory: The skill can execute shell commands, write to the filesystem, and initiate additional agent processes.\n
- Sanitization: There is no evidence of input validation, filtering, or escaping of user-provided content before it is processed by orchestration scripts or written to task files.
Audit Metadata