skills/ninehills/skills/tasks/Gen Agent Trust Hub

tasks

Pass

Audited by Gen Agent Trust Hub on Feb 28, 2026

Risk Level: SAFE [COMMAND_EXECUTION] [PROMPT_INJECTION]
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes the Bash tool to execute alma CLI commands for creating, listing, and updating tasks stored in the local filesystem.
  • [PROMPT_INJECTION]: The skill architecture allows for indirect prompt injection because task metadata is shared globally and automatically injected into the agent's context in every conversation thread.
    • Ingestion points: Task data is retrieved from ~/.config/alma/tasks.json and injected into the agent context.
    • Boundary markers: There are no documented delimiters to segregate injected task content from system instructions.
    • Capability inventory: The skill is configured with access to the Bash tool, which provides a significant capability for system interaction.
    • Sanitization: No sanitization or validation of user-provided task strings is described before they are processed by the agent.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 28, 2026, 09:32 AM