work-delegator
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill is designed to execute a local script scripts/create_delegation.py to generate task packages. This is a functional requirement of the skill using a locally provided resource.
- [PROMPT_INJECTION]: The skill processes external, potentially untrusted data from project files which creates a surface for indirect prompt injection attacks.
  - Ingestion points: Reads task descriptions and metadata from .pm/backlog/items.yaml, .pm/config.yaml, and .pm/roadmap.md.
  - Boundary markers: The skill does not define explicit boundary markers or instructions to ignore embedded commands within the ingested project data.
  - Capability inventory: The skill has the capability to execute command-line scripts (scripts/create_delegation.py).
  - Sanitization: There is no evidence of sanitization or filtering of content retrieved from the project files before it is included in delegation packages.
Audit Metadata