task-patterns
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- REMOTE_CODE_EXECUTION (HIGH): The script scripts/test-task.sh checks imports with a Python one-liner that executes the full content of the file. Finding: exec(open('$TASK_FILE').read()) in scripts/test-task.sh.
- COMMAND_EXECUTION (MEDIUM): The script scripts/generate-task.sh is vulnerable to sed command injection through the TASK_NAME parameter. Finding: sed -i "s/def $FIRST_TASK(/def $TASK_NAME(/g" in scripts/generate-task.sh.
- EXTERNAL_DOWNLOADS (LOW): Task templates include patterns for making outbound HTTP requests with the requests library, which can be exploited for SSRF. Finding: fetch_api_data in templates/retry-task.py.
- SAFE (INFO): The automated scan alert for logger.info is a false positive caused by misidentifying a code method as a URL.
Recommendations
- AI detected serious security threats
- Contains 1 malicious URL(s) - DO NOT USE