task-system

Pass

Audited by Gen Agent Trust Hub on May 16, 2026

Risk Level: SAFE (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The skill relies on an external CLI tool named tasks to manage project work items. This involves executing commands that modify and read files within the repository's tasks/ directory.
  • [PROMPT_INJECTION]: The skill instructions define a workflow where the agent reads free-form, potentially untrusted text from tasks/inbox.md to create structured tasks. This creates a surface for indirect prompt injection, as the agent may follow malicious instructions embedded in the inbox content during the 'promotion' process.
      • Ingestion points: tasks/inbox.md (read via tasks inbox or direct file access).
      • Boundary markers: Absent; the instructions do not specify the use of delimiters or warnings to ignore instructions within the inbox content.
      • Capability inventory: The agent uses the tasks CLI (a tool likely provided by the vendor 'lirrensi') to perform file writes and status updates. It may also have access to other general-purpose tools provided by the environment.
      • Sanitization: Absent; the skill does not mention any validation or filtering of the content read from the inbox before it is processed.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 16, 2026, 12:42 AM
Security Audit — agent-trust-hub — task-system