trellis-finish-work
Pass
Audited by Gen Agent Trust Hub on May 10, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes local Python scripts to perform workflow automation.
- Evidence: Runs
python3 ./.trellis/scripts/task.pyandpython3 ./.trellis/scripts/add_session.pyto manage project state. - [INDIRECT_PROMPT_INJECTION]: The skill interpolates session data (titles, summaries, and task names) directly into command-line arguments.
- Ingestion points: Data is ingested from the conversation context into command arguments in
SKILL.md. - Boundary markers: No explicit boundary markers or sanitization instructions are present for the interpolated strings.
- Capability inventory: The skill has the capability to execute local scripts via
python3as defined inSKILL.md. - Sanitization: There is no evidence of input validation or escaping for the session metadata before it is passed to the shell.
Audit Metadata