work-delegator
Pass
Audited by Gen Agent Trust Hub on Jun 23, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a local Python script
scripts/create_delegation.pyto process backlog items. This is a standard integration pattern for task delegation and does not involve executing user-supplied strings or untrusted code. - [DATA_EXFILTRATION]: No network operations or data transmission patterns were identified. The skill only reads project metadata from the
.pm/directory and searches local.pyfiles within the project root to provide context for task delegation. - [INDIRECT_PROMPT_INJECTION]: The skill has an indirect prompt injection surface as it ingests untrusted data from
.pm/backlog/items.yamland interpolates it into instructions for downstream agents. - Ingestion points: Backlog item titles and descriptions are read from
.pm/backlog/items.yamlinscripts/create_delegation.py. - Boundary markers: Absent. The skill generates instructions and context packages without explicit delimiters or warnings to ignore instructions embedded in the processed data.
- Capability inventory: The skill itself has no high-risk capabilities like network access or shell execution; it only performs file system reads and text processing.
- Sanitization: Absent. Data from the backlog items is used directly in keyword searches and instruction templates without filtering for injection patterns.
- [REMOTE_CODE_EXECUTION]: The script uses
yaml.safe_load()to parse configuration files, which is a secure practice that prevents arbitrary object instantiation during deserialization.
Audit Metadata