t3code-thread
Pass
Audited by Gen Agent Trust Hub on Jun 28, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted user data which is subsequently forwarded to a high-privilege remote environment.
- Ingestion points: User-provided "Prompt text" and "attachments" defined in
SKILL.md. - Boundary markers: Use of Markdown headers (
## Task,## Context) is encouraged to structure the generated payload. - Capability inventory: The downstream T3 environment executes in
full-accessmode, which includes file system modification and code execution capabilities. - Sanitization: No explicit sanitization or filtering of user-supplied prompt content is specified before transmission.
- [COMMAND_EXECUTION]: The skill relies on local script execution and system tools to manage its workflow.
- Evidence: Execution of
python3 ~/.agents/skills/t3code/scripts/launch_thread.pyandgit worktree list --porcelainfor environment setup and verification. - [DATA_EXFILTRATION]: The skill transmits project data and instructions to a remote endpoint using authentication tokens.
- Evidence: WebSocket RPC commands (
thread.turn.start) are sent to a configurablehttpBaseUrlwith bearer authorization.
Audit Metadata