st-execute-task

Pass

Audited by Gen Agent Trust Hub on Jun 14, 2026

Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: Indirect Prompt Injection Surface. The skill instructions require the agent to read and follow "hooks" (Markdown files) located within the user's project workspace.
      • Ingestion points: The agent reads instructions from <root>/config/hooks/PRE_TASK_ASSIGNMENT.md, PRE_TASK_EXECUTION.md, and POST_ERROR_DETECTION.md as specified in Steps 6, 8, and 11.
      • Boundary markers: Absent. No instructions are provided to treat the hook content as untrusted or to wrap it in delimiters.
      • Capability inventory: The agent can perform file system operations (read/write task files), execute local Node.js scripts via shell, and deploy sub-agents using an internal Task tool.
      • Sanitization: Absent. No validation or filtering is performed on the hook file content before the agent adopts its instructions.
  • [COMMAND_EXECUTION]: Local Script Execution. The skill invokes three local JavaScript scripts to handle project logic.
      • Files: scripts/find-strikethroo-root.cjs, scripts/validate-plan-blueprint.cjs, and scripts/check-task-dependencies.cjs.
      • These scripts process user-provided inputs (plan-id, task-id) to resolve file paths for project metadata and task files.
      • validate-plan-blueprint.cjs allows an absolute path as a plan-id, which the agent uses to read the targeted file. While this is an intended feature for plan resolution, it gives the agent broad file-reading capabilities based on user input.
Audit Metadata
Risk Level: SAFE
Analyzed: Jun 14, 2026, 02:12 PM