The skill allows arbitrary command execution and command
Claims to do
Add Backlog Items: Add work items to a sprint through guided brainstorming and structured planning.
Actually does
The skill reads `BACKLOG.md`, `HANDOFF.md`, and `.sprint-config` files to determine sprint context. It guides the user through brainstorming and planning, then creates or updates `BACKLOG.md`, `refs/designs/F{n}-{name}.md`, and `active/F{n}-{name}.md`. In worktree mode, it uses `git worktree list`, `git worktree remove`, and a custom `worktree.command` to manage git worktrees, and can optionally invoke `/sprint:plan-backlog`.
The skill explicitly reads and executes a command specified in the '.sprint-config' file ('worktree.command'). If an attacker can control this configuration file, arbitrary commands can be executed on the host system.
Use command from .sprint-config (worktree.command)
The skill prompts the user for a sprint 'path or name'. If this input is not properly sanitized, it could lead to path traversal, allowing the agent to read or write files outside the intended sprint directory.
If not found, ask: 'Which sprint? (path or name)'
User-provided Feature Names are used to construct branch names and worktree paths. If these inputs are not sanitized before being used in shell commands (e.g., 'git worktree add'), it could lead to command injection.
Suggest branch name: feature/F{n}-{kebab-name}
The skill explicitly executes 'git worktree list', demonstrating direct command execution capability. This confirms the agent's ability to interact with the underlying shell environment.
Show existing worktrees: `git worktree list`
The skill can invoke other internal skills (e.g., '/sprint:plan-backlog'). This capability, if combined with attacker-controlled parameters or malicious sub-skills, could lead to chained attacks or resource abuse.
Invoke /sprint:plan-backlog for the selected Task
The agent's reasoning and actions are heavily influenced by external files like '.sprint-config', 'BACKLOG.md', and guideline documents. Malicious content in these files could poison the agent's RAG or memory, leading to incorrect decisions or actions.
Read .sprint-config, Read BACKLOG.md, Read assets/{type}/guidelines.md