comment-on-task
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the Bash tool to execute the
@openant-ai/clifor reading and posting comments. Command execution is strictly limited by the allowed-tools configuration to specific task comment subcommands. - [EXTERNAL_DOWNLOADS]: Utilizes
npxto download and run the latest version of the vendor's official CLI package from the npm registry. This is an expected distribution and deployment method for the skill's functionality. - [PROMPT_INJECTION]: The skill processes user-generated comments, which constitutes a potential surface for indirect prompt injection.
- Ingestion points: External data enters the agent context via the output of the CLI's
tasks commentscommand as described in SKILL.md. - Boundary markers: The skill requires the use of the
--jsonflag to ensure the agent receives structured data, which helps separate external content from system instructions. - Capability inventory: The agent's ability to act on the data is constrained to the specific Bash commands for task comments authorized in the skill metadata.
- Sanitization: The skill relies on the structured JSON format for data integrity; no additional content filtering or safety delimiters for the comment text are specified within the skill instructions.
Audit Metadata