ak-task
Pass
Audited by Gen Agent Trust Hub on May 19, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill relies on local CLI tools (
ak,gh) to perform its functions. It executes commands to manage boards, tasks, agents, and Pull Requests. It also uses system utilities likepsandgrepfor health monitoring. These actions are within the expected scope of a task management tool. - [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted content such as repository code, documentation, and PR diffs, creating a potential surface for indirect prompt injection.
- Ingestion points: Files are read from the repository in Phase 1 (Step 2) and Phase 2 (Step 6). PR data is fetched from GitHub during review gates.
- Boundary markers: The instructions guide the agent to evaluate content against technical and functional criteria but do not provide explicit delimiters or "ignore instructions" markers for the untrusted data.
- Capability inventory: The skill has significant capabilities including merging code, creating/deleting tasks, and modifying agent configurations.
- Sanitization: No specific sanitization or escaping of external content is defined before processing or interpolation into commands.
- [DYNAMIC_EXECUTION]: The skill dynamically generates and applies
Agent YAMLconfigurations to define worker agent behaviors (soul) and capabilities (skills) at runtime. While this involves modifying the execution environment of sub-agents, it is a core feature of the delegation model and follows the architecture's design.
Audit Metadata