run
Pass
Audited by Gen Agent Trust Hub on Jun 18, 2026
Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: Susceptible to indirect prompt injection via the task configuration files.
  - Ingestion points: Processes task.json files (SKILL.md) which include a description and a list of verification_commands.
  - Boundary markers: Absent; there are no instructions to the agent to treat the content of the task file as untrusted or to use delimiters.
  - Capability inventory: Executes arbitrary shell commands provided in the verification_commands field using the run_task tool or the autodialectics CLI (SKILL.md).
  - Sanitization: Absent; the skill does not specify any validation or filtering for the commands found in the JSON file.
- [COMMAND_EXECUTION]: The workflow involves executing commands specified in external JSON data files, which allows for arbitrary code execution on the host system.
- [EXTERNAL_DOWNLOADS]: Recommends installing the autodialectics package from a package registry.
Audit Metadata