task-intelligence
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill executes local Python scripts using shell commands to manage orchestration workflows.
  - Evidence: Phase 2 in `SKILL.md` executes `python agent-orchestrator/scripts/scan_registry.py`, `match_skills.py`, and `orchestrate.py`.
  - Risk: User input is interpolated directly into the command line: `python agent-orchestrator/scripts/match_skills.py "<tarefa do usuário>"`. Without explicit sanitization by the environment, this presents a command injection surface if the user-provided task description contains shell metacharacters.
- [PROMPT_INJECTION]: The skill facilitates an orchestration pattern that propagates untrusted user data to multiple specialized agents, acting as a surface for indirect prompt injection.
  - Ingestion points: User-provided task descriptions enter the context in Phase 2 and are passed as queries to agents in Phase 3.
  - Boundary markers: Absent. The protocol does not use delimiters or instructions to ignore embedded commands within the user task string.
  - Capability inventory: The skill triggers shell execution (`python`), file system operations (`open`), and potentially network-bound package installations (`pip`).
  - Sanitization: No sanitization or validation of the task input is specified in the instruction files.
- [EXTERNAL_DOWNLOADS]: The skill documentation references the use of external package managers for dependency resolution.
  - Evidence: `references/problem-catalog.md` includes `pip install -r requirements.txt` as a preventative step for script execution errors, which involves fetching packages from remote registries.
Audit Metadata