discover-tasks

Pass

Audited by Gen Agent Trust Hub on May 8, 2026

Risk Level: SAFE | COMMAND_EXECUTION | EXTERNAL_DOWNLOADS | PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to execute gh, glab, and grep commands for task retrieval and interaction. It interpolates variables such as $PROJECT_NUMBER, $OWNER, and $TASK_ID directly into shell commands. This creates a surface for command injection if the underlying state or policy data (e.g., the project owner or issue ID) is sourced from an untrusted or compromised configuration.
  • [EXTERNAL_DOWNLOADS]: The skill retrieves task data from GitHub and GitLab. These operations use official CLI tools (gh and glab) and target well-known service providers for standard task management functionality.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its handling of untrusted external content.
      • Ingestion points: Untrusted data enters the agent context via GitHub issues, GitLab issues, and local files (e.g., tasks.md, PLAN.md) as documented in SKILL.md Phases 2 and 2.5.
      • Boundary markers: The instructions lack explicit delimiters or warnings to the agent to ignore embedded instructions within the fetched task bodies or titles.
      • Capability inventory: The skill has the ability to execute shell commands via Bash and can influence user actions through AskUserQuestion.
      • Sanitization: While task labels are truncated to meet UI length limits, no validation, filtering, or escaping is performed on the content of the task bodies or titles before they are processed by the agent.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 8, 2026, 09:21 PM