multi-deliverable-tracking

Pass

Audited by Gen Agent Trust Hub on Jun 18, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to use filesystem tools like list_dir and shell commands such as ls or cat (via run_shell) to confirm the existence and integrity of deliverables before finishing a task.
  • [PROMPT_INJECTION]: The instructions utilize strong directive language (e.g., "CRITICAL", "MANDATORY", "BLOCKED") to enforce the tracking workflow. These instructions are focused on task reliability and completion logic rather than attempting to override platform safety protocols.
  • [PROMPT_INJECTION]: The skill establishes an indirect injection surface by parsing untrusted task requirements. 1. Ingestion points: user-provided task requirements in the prompt. 2. Boundary markers: none identified in the skill instructions. 3. Capability inventory: shell execution (run_shell), filesystem access (list_dir), and file creation. 4. Sanitization: no explicit validation or escaping of the parsed input is described.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 18, 2026, 02:30 AM
Security Audit — agent-trust-hub — multi-deliverable-tracking