superspec-implementation
Fail
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: HIGHCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (HIGH): The skill extracts and runs shell commands directly from the tasks.md file after labels like Run: and Verify: without any filtering or safety checks. Specifically, the instructions direct the agent to execute commands 'exactly' as parsed.
- [PROMPT_INJECTION] (HIGH): The skill is susceptible to indirect prompt injection via the tasks.md file, which serves as a control plane for the agent's actions.
- Ingestion point: tasks.md (read from the local environment).
- Boundary markers: Absent; instructions do not delimit the data from the commands.
- Capability inventory: Full shell command execution via the CLI.
- Sanitization: None.
Recommendations
- AI detected serious security threats
Audit Metadata