task-intelligence
Warn
Audited by Gen Agent Trust Hub on Apr 26, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION
PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to perform task matching and orchestration by executing shell commands that interpolate raw user input (e.g., python agent-orchestrator/scripts/match_skills.py "<tarefa do usuário>"). This pattern is vulnerable to command injection if the user input contains shell metacharacters such as semicolons, pipes, or backticks, which could allow arbitrary execution beyond the intended script.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it ingests untrusted data from the user and passes it to sensitive command-line tools without sanitization.
  - Ingestion points: User task descriptions are ingested and used as query arguments for the match_skills.py and orchestrate.py scripts.
  - Boundary markers: The skill uses double quotes to wrap the user input within the command template, which can be bypassed using escape characters in many shell environments.
  - Capability inventory: The agent utilizes shell command execution to interface with the agent-orchestrator repository and local Python scripts.
  - Sanitization: No logic or instructions are provided to sanitize or validate the user-provided task string before it is used to construct shell commands.
Audit Metadata