ultrawork
Pass
Audited by Gen Agent Trust Hub on Apr 8, 2026
Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill relies on external shell scripts (ultrawork-init-hook.sh, ultrawork-stop-hook.sh) to manage state transitions and automation logic. These scripts are not provided within the skill itself but are integral to its operation.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by taking user-supplied feature names and passing them directly into the specify skill and subsequent automated hooks.
  - Ingestion points: User feature requests parsed in SKILL.md (Step 1).
  - Boundary markers: None. The feature name is passed directly as an argument to the specify skill without delimiters.
  - Capability inventory: The skill environment allows Bash execution and tool invocation (Skill), which could be abused if the feature name contains shell metacharacters or malicious payloads.
  - Sanitization: There is no evidence of input validation or escaping; the skill only instructs the agent to convert the input to kebab-case.