task-execute
Pass
Audited by Gen Agent Trust Hub on Apr 9, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to create and execute a shell script (`init.sh`) to initialize the project environment, including starting services and running migrations.
- [EXTERNAL_DOWNLOADS]: The generated initialization script performs package installations using `npm install`, which fetches code from external registries.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads context from external files and git history without explicit boundary markers or sanitization.
  - Ingestion points: Files like `claude-progress.md`, `docs/specs/`, `docs/plans/`, and the output of `git log` are read to reconstruct session state.
  - Boundary markers: The instructions do not define delimiters or warnings to ignore instructions within these files.
  - Capability inventory: The agent has the ability to execute shell commands, install packages, and modify the file system.
  - Sanitization: There is no mechanism to validate or sanitize the content retrieved from project documentation or logs before processing.