addness

Pass

Audited by Gen Agent Trust Hub on May 1, 2026

Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface because it processes data from external and potentially attacker-controlled sources.
    • Ingestion points: The skill extracts goal identifiers and descriptions from git branch names (e.g., goal/<ID>/description) in SKILL.md and addness-work-start.md. It also retrieves and displays goal titles, descriptions, comments, and deliverables from an external service in SKILL.md and addness-context.md.
    • Boundary markers: There are no boundary markers or instructions to the agent to treat data from these sources as untrusted or to ignore any instructions embedded within them.
    • Capability inventory: The skill allows the agent to execute shell commands via addness-cli and perform git operations.
    • Sanitization: No sanitization or validation of the input strings from git branches or the external API is specified in the instructions.
  • [COMMAND_EXECUTION]: The skill relies on the external binaries addness-cli and addness, which must be present on the system path for the skill to function, as specified in the metadata.requires.bins field of SKILL.md. These binaries are not provided with the skill.
Audit Metadata
  Risk Level: SAFE
  Analyzed: May 1, 2026, 10:36 AM