execute-task-direct

Pass

Audited by Gen Agent Trust Hub on Apr 8, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes several local shell commands, including git pull and multiple subcommands of the agkan CLI tool (task list, task block list, task update) to manage development workflows.
  • [PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection. It retrieves external data (task titles and bodies) from the agkan tool and interpolates this content directly into the prompt of a sub-agent without sanitization.
  • Ingestion points: Task content is ingested from the agkan task list output (specifically the id, title, and body fields).
  • Boundary markers: The prompt uses basic Markdown headers (## Task Information) and list markers (- Body: <body>), which may not be sufficient to prevent an attacker from breaking out of the instruction context if the task body contains adversarial content.
  • Capability inventory: The sub-agent triggered via the Task tool is granted the capability to implement code changes directly in the local environment.
  • Sanitization: There is no evidence of sanitization, escaping, or validation of the task content before it is passed to the sub-agent.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 8, 2026, 06:42 AM