squad-kickstart
Pass
Audited by Gen Agent Trust Hub on Jun 16, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill uses shell tools like
curlandjqto manage project tasks. It employsjqto safely build JSON payloads, which is a best practice to prevent command injection or malformed data issues when handling variables like task titles and descriptions. - [EXTERNAL_DOWNLOADS]: The skill communicates with an API endpoint defined by the
$BASE_URLvariable. This network activity is restricted to the skill's primary function of task orchestration and project management. - [DATA_EXFILTRATION]: There is no evidence of sensitive data being sent to unauthorized external domains. The skill uses project-specific credentials (
AUTH_HEADER) to interact with its intended backend service. - [PROMPT_INJECTION]: The skill provides clear, task-oriented instructions without any attempts to bypass safety filters, extract system prompts, or override the agent's core behavioral guidelines.
- [DATA_EXPOSURE]: The skill reads from a shared configuration file (
../squad/shared.md) to resolve environment variables and authentication tokens. This is a standard and safe method for managing configuration in this agent environment.
Audit Metadata