agent-task-mapping
Pass
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No security issues detected. The skill's primary function is task delegation and agent mapping, which is implemented using standard markdown documentation and benign scripts.
- [COMMAND_EXECUTION]: The skill includes a local Node.js script
scripts/agent-discovery.js. Analysis of the source code confirms it is a safe utility that performs local file system reads (usingfs.readFileSyncandfs.readdirSync) to extract metadata from.agent.mdfiles. It does not execute shell commands, perform network requests, or modify system files. - [PROMPT_INJECTION]: No evidence of prompt injection or bypass instructions was found in the skill definitions or subagent examples. The use of
runSubagentis consistent with standard agent-to-agent communication patterns. - [DATA_EXFILTRATION]: No network-enabled commands or sensitive data access patterns were identified. The hardcoded path
C:/Users/LOQ/.copilot/skills/in the documentation appears to be a local configuration reference and does not pose a security risk.
Audit Metadata