mb-execute
Warn
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute shell commands using `codex exec` and `claude` CLIs. Specifically, it uses flags like `--full-auto` and `--permission-mode acceptEdits` which allow the external tools to modify the filesystem without manual intervention. These commands are constructed via string interpolation of the `TASK_ID` variable.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because it ingests data from external project files and interpolates it into the execution instructions for sub-agents.
  - Ingestion points: Reads task definitions and requirements from `.memory-bank/features/FT-*/...`, `.memory-bank/requirements.md`, and `.memory-bank/tasks/backlog.md`.
  - Boundary markers: No explicit delimiters or instructions are used to prevent the agent from obeying commands embedded within the task specification files.
  - Capability inventory: The skill has the capability to execute shell commands, create/modify files in the `.protocols/` and `.tasks/` directories, and spawn sub-agents with write access.
  - Sanitization: There is no evidence of sanitization or validation of the content read from the Markdown files before it is passed to the shell-based execution environment.
Audit Metadata