agent-specification

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • PROMPT_INJECTION (LOW): Detected a potential surface for indirect prompt injection where untrusted user input is processed by the agent's internal hooks.
      ◦ Ingestion points: The "$TASK" environment variable is ingested in the "pre" hook defined in "SKILL.md".
      ◦ Boundary markers: Absent; the variable is interpolated directly into a command string without delimiters or "ignore embedded instructions" warnings.
      ◦ Capability inventory: The skill executes shell-based hooks ("echo", "memory_store", "date") in "SKILL.md".
      ◦ Sanitization: Absent; there is no evidence of escaping or validation of the "$TASK" content before it is processed by the hook script.
  • COMMAND_EXECUTION (LOW): The skill utilizes shell commands within its "pre" and "post" hooks for logging and state management. While these are used for the primary purpose of the skill, the inclusion of the untrusted "$TASK" variable within these commands introduces a potential command injection vulnerability if the execution environment does not properly escape shell metacharacters.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 17, 2026, 06:13 PM