
t3code-thread

Pass

Audited by Gen Agent Trust Hub on Jun 28, 2026

Risk Level: SAFE
COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill processes untrusted user data which is subsequently forwarded to a high-privilege remote environment.
      • Ingestion points: User-provided "Prompt text" and "attachments" defined in SKILL.md.
      • Boundary markers: Use of Markdown headers (## Task, ## Context) is encouraged to structure the generated payload.
      • Capability inventory: The downstream T3 environment executes in full-access mode, which includes file system modification and code execution capabilities.
      • Sanitization: No explicit sanitization or filtering of user-supplied prompt content is specified before transmission.
  • [COMMAND_EXECUTION]: The skill relies on local script execution and system tools to manage its workflow.
      • Evidence: Execution of python3 ~/.agents/skills/t3code/scripts/launch_thread.py and git worktree list --porcelain for environment setup and verification.
  • [DATA_EXFILTRATION]: The skill transmits project data and instructions to a remote endpoint using authentication tokens.
      • Evidence: WebSocket RPC commands (thread.turn.start) are sent to a configurable httpBaseUrl with bearer authorization.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Jun 28, 2026, 10:26 AM