kanban-worker
Pass
Audited by Gen Agent Trust Hub on May 16, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill instructs agents to read and adapt their behavior based on 'summaries', 'errors', and 'comment threads' from previous runs retrieved via the
kanban_showtool. This represents an indirect prompt injection surface where a malicious actor or a compromised prior agent could inject instructions into these fields to influence the current agent's execution. - Ingestion points: Metadata and comments retrieved from the Kanban system via
kanban_show(e.g., therunslist and comment history). - Boundary markers: The instructions do not define boundary markers or clear separations to distinguish between system guidance and potentially untrusted task data.
- Capability inventory: The agent has the ability to modify files within its workspace (
$HERMES_KANBAN_WORKSPACE), create new tasks viakanban_create, and mark tasks as complete or blocked with custom summaries. - Sanitization: There are no instructions for validating, sanitizing, or escaping the content retrieved from the Kanban system before it is processed or acted upon.
Audit Metadata