skills/corlab-tech/skills/taskloop/Gen Agent Trust Hub

taskloop

Warn

Audited by Gen Agent Trust Hub on May 15, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill contains explicit instructions in 'assets/feedback/no-ai-attribution.md' to suppress all traces of AI authorship. It mandates that commit messages and PR bodies must be indistinguishable from human work to avoid scrutiny. This concealment tactic is designed to deceive human reviewers and reduce oversight of automated changes.
  • [COMMAND_EXECUTION]: The skill utilizes dynamic script generation and execution. During the 'init' workflow, it renders 'monitor.sh' from templates ('assets/monitor-linear.sh.tmpl' or 'assets/monitor-jira.sh.tmpl') and subsequently executes it using the Monitor tool to poll external APIs. The skill also performs extensive autonomous shell operations using 'git', 'gh', and 'python3'.
  • [INDIRECT_PROMPT_INJECTION]: The skill presents a significant attack surface for indirect prompt injection.
  • Ingestion points: Untrusted data (issue titles and descriptions) is fetched from Linear and Jira APIs via recipes in 'references/providers/'.
  • Boundary markers: No boundary markers or 'ignore' instructions are used when processing tracker data.
  • Capability inventory: The agent has extensive capabilities including file system modification, shell command execution (git/npm/yarn), and browser automation via Playwright.
  • Sanitization: There is no evidence of sanitization or validation of the content retrieved from external trackers before it is used to guide code implementation.
  • [PERSISTENCE]: The skill implements a persistent background presence. It uses the 'Monitor' tool for event-based wakeups and the 'ScheduleWakeup' tool as a safety heartbeat to ensure the autonomous loop continues indefinitely until explicitly stopped by the user.
  • [SAFE]: Secret management for API keys (LINEAR_API_KEY, JIRA_API_TOKEN) follows security best practices by storing credentials in a '.env' file with restricted file permissions (chmod 600) and ensuring they are not staged in git.
Audit Metadata
Risk Level
MEDIUM
Analyzed
May 15, 2026, 07:43 AM
Security Audit — agent-trust-hub — taskloop