trellis-finish-work

Pass

Audited by Gen Agent Trust Hub on May 10, 2026

Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes local Python scripts to perform workflow automation.
  • Evidence: Runs python3 ./.trellis/scripts/task.py and python3 ./.trellis/scripts/add_session.py to manage project state.
  • [INDIRECT_PROMPT_INJECTION]: The skill interpolates session data (titles, summaries, and task names) directly into command-line arguments.
  • Ingestion points: Data is ingested from the conversation context into command arguments in SKILL.md.
  • Boundary markers: No explicit boundary markers or sanitization instructions are present for the interpolated strings.
  • Capability inventory: The skill has the capability to execute local scripts via python3 as defined in SKILL.md.
  • Sanitization: There is no evidence of input validation or escaping for the session metadata before it is passed to the shell.
Audit Metadata
Risk Level
SAFE
Analyzed
May 10, 2026, 10:57 PM
Security Audit — agent-trust-hub — trellis-finish-work