Skills
skills/vineethsoma/agent-packages/task-delegation/Gen Agent Trust Hub

task-delegation

Warn

Audited by Gen Agent Trust Hub on Feb 21, 2026

Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTIONDATA_EXFILTRATION
Full Analysis
  • EXTERNAL_DOWNLOADS (MEDIUM): The skill's apm.yml file lists a dependency on vineethsoma/agent-packages/skills/spec-driven-development. This repository and author are not part of the trusted list, introducing a potential third-party dependency risk.\n- COMMAND_EXECUTION (MEDIUM): The delegation prompts and scripts (delegate-story.prompt.md, init-delegation.sh) instruct the agent to perform sensitive operations including creating git worktrees and executing npm install or pip install. If the project being managed contains malicious configuration, these commands could lead to arbitrary code execution.\n- PROMPT_INJECTION (LOW): The skill is susceptible to Indirect Prompt Injection (Category 8). It ingests data from untrusted local files (e.g., story-tracker.md) to populate delegation briefs and command arguments.\n
  • Ingestion points: specs/{feature}/stories/{story-id}/story-tracker.md, specs/{feature}/spec.md via the read tool.\n
  • Boundary markers: None identified; content is used directly for interpolation.\n
  • Capability inventory: Shell command execution (git, npm, pip), file editing, and script execution.\n
  • Sanitization: No evidence of input validation or escaping for interpolated variables like STORY_ID or AGENT_NAME.\n- DATA_EXFILTRATION (LOW): The skill accesses project specification files (specs/**/*.md). While consistent with the stated purpose, this provides a mechanism for an agent to read potentially sensitive internal architectural or business logic documentation.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Feb 21, 2026, 04:24 PM