quadrants
Pass
Audited by Gen Agent Trust Hub on Mar 17, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The script scripts/quadrants-cli.sh performs local command execution of curl and jq. It employs secure coding practices by using jq variables for JSON construction, which effectively mitigates shell injection vulnerabilities when handling user-provided data like task descriptions.
- [EXTERNAL_DOWNLOADS]: The skill makes network requests to https://quadrants.ch. This is the legitimate destination for the service the skill is designed to interact with. No unauthorized or suspicious remote domains were detected.
- [PROMPT_INJECTION]: The skill has an indirect prompt injection surface because it processes untrusted data from an external source.
  * Ingestion points: Data enters through the tasks, priority, search, and overview actions in scripts/quadrants-cli.sh when fetching task content from the API.
  * Boundary markers: The skill lacks explicit markers or instructions to treat data from the API as untrusted content.
  * Capability inventory: Subprocess calls to curl for task creation, deletion, and modification in scripts/quadrants-cli.sh.
  * Sanitization: There is no evidence of sanitization or filtering of the task descriptions retrieved from the API.