ultrawork
Pass
Audited by Gen Agent Trust Hub on Apr 25, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [SAFE]: The skill acts as an orchestration framework for parallel task processing. All instructions are focused on optimizing task distribution and model tier selection.
- [COMMAND_EXECUTION]: The skill facilitates the execution of shell commands, such as 'npm install' and build scripts, via delegated sub-agents. These are standard operations for its intended use case as a development tool.
- [PROMPT_INJECTION]: The skill accepts user-supplied task descriptions that are subsequently passed to execution sub-agents. This constitutes an indirect prompt injection surface.
- Ingestion points: The 'argument-hint' and task description inputs in SKILL.md.
- Boundary markers: No explicit instructions for delimiters or guardrails around sub-agent prompts are provided.
- Capability inventory: The skill leverages 'oh-my-claudecode:executor' agents which possess file-write and command-execution capabilities.
- Sanitization: No content filtering or validation is specified for the input data before it is delegated to sub-agents.
Audit Metadata