task-observer

Pass

Audited by Gen Agent Trust Hub on Jun 2, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTIONDATA_EXFILTRATION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes shell commands including grep, sed, sort, and tail to maintain an internal observation log. These commands are employed to verify observation numbering and resolve potential write-collisions in environments with parallel sessions.
  • [EXTERNAL_DOWNLOADS]: The skill references its own documentation and user guides hosted on GitHub (github.com/rebelytics). It is designed to fetch these files to ensure the user has access to the most current methodology and instructions.
  • [PROMPT_INJECTION]: The skill processes 'handoff documents' and session history to extract improvement opportunities. This ingestion of potentially untrusted data constitutes a surface for indirect prompt injection. However, the skill implements a multi-step analysis protocol to mitigate the risk of the agent obeying instructions embedded within the processed data.
  • [DATA_EXFILTRATION]: The skill requires persistent storage access to maintain an observation log and a cross-cutting principles file. It stages updated skill files in a 'skill-updates' directory within the user's workspace for review and manual installation, which is a core functional requirement of the meta-skill.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 2, 2026, 09:22 AM
Security Audit — agent-trust-hub — task-observer