create-task-spec

Pass

Audited by Gen Agent Trust Hub on Feb 23, 2026

Risk Level: SAFE [COMMAND_EXECUTION] [PROMPT_INJECTION]
Full Analysis
  • [COMMAND_EXECUTION]: The skill invokes local Python scripts (read_file.py and write_file.py) via shell commands to perform essential file operations. These scripts are used to load configuration files, read architecture documentation, access templates, and save the final task specifications to the local filesystem.
  • [PROMPT_INJECTION]: The skill's primary function involves ingesting and interpolating untrusted data, creating an attack surface for indirect prompt injection.
    • Ingestion points: Content is retrieved from .claude/config.yaml, architecture and standards documentation, previous implementation records, and the user's requirement input.
    • Boundary markers: The skill uses markdown headers and source citation tags (e.g., [Source: filename#section]) to distinguish between different data sources in its output, but these are not strict security boundaries.
    • Capability inventory: The skill has the capability to read any file accessible by the read_file.py script and write to the directory defined in the taskLocation configuration.
    • Sanitization: No programmatic sanitization or filtering of the ingested data is performed; the skill relies on the large language model's instructions to maintain context and avoid inventing details.
Audit Metadata
  Risk Level: SAFE
  Analyzed: Feb 23, 2026, 08:44 AM