work-item-delivery-loop

Pass

Audited by Gen Agent Trust Hub on Apr 10, 2026

Risk Level: SAFE | PROMPT_INJECTION | COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill ingests data from external sources such as One Horizon tasks, bugs, and initiatives that could contain malicious instructions.
      • Ingestion points: Task titles, descriptions, and metadata fetched via 'list-bugs', 'list-initiatives', and 'get-task-details'.
      • Boundary markers: The skill does not define explicit delimiters or instructions to ignore embedded prompts in task content.
      • Capability inventory: The agent is instructed to implement code changes, run tests, and write back updates/comments to the platform.
      • Sanitization: No explicit sanitization or validation of the fetched task content is specified.
  • [COMMAND_EXECUTION]: The skill instructs the agent to 'Implement code changes' and 'Run validation/tests,' which involves generating and executing code or shell commands based on task requirements.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 10, 2026, 09:59 AM