task-specification-creator

Warn

Audited by Gen Agent Trust Hub on Mar 18, 2026

Risk Level: MEDIUM | COMMAND_EXECUTION | REMOTE_CODE_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The script scripts/capture-screenshots.js dynamically generates a JavaScript file (.capture-tmp.mjs) containing Playwright automation logic and executes it using execSync. Generating and executing code at runtime is a high-risk pattern that can lead to code injection.
  • [COMMAND_EXECUTION]: The script scripts/run-review-task.js uses spawnSync to execute arbitrary commands based on user-provided runner names and arguments. This provides a vector for command execution within the agent's environment.
  • [PROMPT_INJECTION]: The skill implements scripts/detect-unassigned-tasks.js, which scans the local codebase for comments (TODO, FIXME, HACK, XXX). These comments originate from potentially untrusted files and are interpolated into reports without sanitization, creating a surface for indirect prompt injection.
  • [EXTERNAL_DOWNLOADS]: scripts/capture-screenshots.js requires the installation of external packages like playwright and the chromium browser. While these are provided by well-known services and organizations, the skill's infrastructure facilitates the runtime download and execution of these external binaries.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 18, 2026, 04:52 PM