agkan-run-direct

Pass

Audited by Gen Agent Trust Hub on Apr 8, 2026

Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes multiple shell commands using git, gh (GitHub CLI), and agkan. These include fetching branch information, pulling code, and updating task statuses. These operations are appropriate for the skill's intended use as a development automation tool.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface (Category 8). It ingests untrusted data from an external source (the agkan task tracker) and interpolates it into a prompt for a sub-agent.
      • Ingestion points: Task titles, bodies, and metadata retrieved via agkan task list and agkan task get in Step 6.
      • Boundary markers: The skill uses basic Markdown headers (e.g., ## Task Information) to separate data from instructions. These delimiters are weak and can be easily bypassed by adversarial content within a task's body.
      • Capability inventory: The sub-agent (triggered via the Task tool) is given broad instructions to 'Implement task' and 'follow its procedures to implement', which typically involves file system modifications and further command executions.
      • Sanitization: There is no evidence of sanitization, escaping, or validation of the task content before it is placed into the prompt argument of the sub-agent call.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 8, 2026, 06:42 AM