Skills
skills/steloit/squad-skills/squad-heartbeat/Gen Agent Trust Hub

squad-heartbeat

Pass

Audited by Gen Agent Trust Hub on Jun 16, 2026

Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION]: Accesses sensitive local configuration files ~/.squad/auth and ~/.squad/config to retrieve SQUAD_AUTH_TOKEN and SQUAD_BASE_URL. This is a vendor-owned resource used for authenticating with the platform.
  • [COMMAND_EXECUTION]: Utilizes subprocess.run to execute curl commands for retrieving project lists, board tasks, and task activity, as well as for posting new activity events to the API.
  • [DATA_EXFILTRATION]: Transmits retrieved platform data and authentication headers to the configured BASE_URL, which defaults to the vendor domain steloit-squad.vercel.app.
  • [PROMPT_INJECTION]: Indirect prompt injection surface identified. The skill ingests untrusted task titles and statuses from the Squad API and interpolates them into a markdown report and activity log messages without sanitization.
  • Ingestion points: Fetches board data and task details via curl from the Squad API.
  • Boundary markers: No delimiters or safety instructions are provided when presenting task titles in the markdown output.
  • Capability inventory: The skill has the capability to execute shell commands via subprocess.run.
  • Sanitization: No validation or escaping is applied to the task metadata retrieved from the API before it is processed or displayed.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 16, 2026, 11:03 PM
Security Audit — agent-trust-hub — squad-heartbeat