plan-to-tasks
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUM (PROMPT_INJECTION)
Full Analysis
- Indirect Prompt Injection (MEDIUM): The skill is designed to process untrusted project plans and specs provided by users to generate high-context 'Self-Contained Tasks'. This creates a significant surface for indirect prompt injection where an attacker could hide malicious instructions within a project plan that the skill then promotes into a formal task for an implementation agent.
  * Ingestion points: Processes markdown project plans and technical specs provided by users at runtime.
  * Boundary markers: None. The instructions do not specify any delimiters or warnings to ignore embedded commands within the ingested plans.
  * Capability inventory: The generated JSONL is intended to drive 'Implementation work' and populate 'work queues for external systems'. Downstream agents are instructed to follow these tasks 'independently'.
  * Sanitization: None. The skill is explicitly told to 'Extract ALL details' and create descriptions exceeding 1500 characters, potentially preserving malicious payloads.
Audit Metadata