complete-task
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection via the task files it processes. * Ingestion points: Task content is ingested via the
npx @jagersoftware/fine showcommand. * Boundary markers: There are no instructions to treat task content as untrusted data or use delimiters. * Capability inventory: The agent is granted the ability to write code, create files, and execute arbitrary shell commands. * Sanitization: There is no evidence of sanitization or validation of the task steps before implementation. - [EXTERNAL_DOWNLOADS]: The skill uses
npxto download and execute the@jagersoftware/finepackage. This resource is associated with the vendor 'quinlanjager'. - [COMMAND_EXECUTION]: The workflow explicitly directs the agent to "run commands, whatever the step requires" and execute tests using
bun test, which allows for arbitrary code execution driven by external task data.
Audit Metadata