submit-work
Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFE
COMMAND_EXECUTION EXTERNAL_DOWNLOADS DATA_EXFILTRATION PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes shell commands using `Bash` to interact with the `@openant-ai/cli` tool for managing task submissions and file uploads.
- [EXTERNAL_DOWNLOADS]: The skill utilizes `npx` to download and execute the `@openant-ai/cli` package from the NPM registry at runtime.
- [DATA_EXFILTRATION]: The skill is designed to upload local files to the vendor's remote storage as part of the submission process. While this is the intended functionality, it creates a mechanism for transferring data from the agent's environment to external infrastructure.
- [PROMPT_INJECTION]: The skill has an attack surface for indirect prompt injection because it processes task IDs and file content from the local environment.
  - Ingestion points: The skill ingests task IDs from the conversation context and identifies file paths for upload based on the agent's work.
  - Boundary markers: There are no explicit delimiters or instructions provided to the agent to prevent the execution of instructions that might be embedded in the files being uploaded or the task metadata.
  - Capability inventory: The skill possesses the capability to execute shell commands, perform network uploads, and submit data to the OpenAnt API.
  - Sanitization: There is no evidence of sanitization or validation performed on the task IDs, file paths, or text descriptions before they are used as arguments for the CLI tool.
Audit Metadata