to-tasks
Pass
Audited by Gen Agent Trust Hub on May 7, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface. 1. Ingestion points: The skill gathers context from the conversation (plans, specs, PRDs) and existing issues via the
bd showcommand (SKILL.md Step 1). 2. Boundary markers: There are no explicit markers or instructions provided to the agent to isolate or ignore instructions within the ingested data. 3. Capability inventory: The skill has the capability to execute shell commands using thebd createtool (SKILL.md Step 5). 4. Sanitization: No explicit sanitization or escaping of the ingested data is defined, although Step 4 requires the user to review and approve the breakdown before publication. - [COMMAND_EXECUTION]: The skill constructs and executes shell commands (
bd create) using strings (titles, descriptions, acceptance criteria) generated from external content. This interpolation of untrusted data into shell commands poses a potential command injection risk if the environment does not properly handle shell metacharacters within the command string.
Audit Metadata