task-decomposer
Fail
Audited by Gen Agent Trust Hub on Feb 14, 2026
Risk Level: HIGH
Flagged categories: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION] (HIGH): The skill's primary function is to facilitate the installation of external code via the `npx skills add` command. This allows the agent to execute code from any provided URL, including untrusted GitHub repositories.
- [COMMAND_EXECUTION] (HIGH): The skill utilizes shell-based commands (`npx`) to perform its core tasks, such as searching for and adding new capabilities. These commands can be manipulated to execute unintended malicious code if the inputs (URLs or skill names) are not strictly validated.
- [EXTERNAL_DOWNLOADS] (HIGH): The skill references and encourages downloading content from non-trusted external sources like `skills.sh` and arbitrary GitHub repositories, which are outside of the verified safe domains.
- [PROMPT_INJECTION] (HIGH): This skill is highly susceptible to Indirect Prompt Injection (Category 8). It ingests untrusted user requests to decide which external tools to install and execute. An attacker can craft a request that forces the agent to install a malicious skill from an attacker-controlled server.
- Ingestion points: User requests for task decomposition (documented in README.md).
- Boundary markers: None identified in the provided instructions.
- Capability inventory: Remote skill installation (`npx skills add`), skill search (`npx skills find`), and skill generation (writing files using `assets/skill_template.md`).
- Sanitization: No sanitization or validation of the search results or installation URLs is mentioned in the workflow.
Recommendations
- AI detected serious security threats
Audit Metadata