task-planner
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION] (LOW): The skill metadata (description field) contains an explicit instruction ('IMPORTANT: After completing ANY spec...') designed to trigger specific agent behavior. While intended for workflow management, it uses an imperative override pattern.
- [INDIRECT_PROMPT_INJECTION] (LOW): The skill processes untrusted input data (specs, plans, or PRDs) to generate actionable task lists without sanitization or boundary markers. This creates an attack surface where a malicious spec could include instructions that the agent might inadvertently incorporate into the generated tasks. Evidence Chain: 1. Ingestion points: User-provided specifications/requirements. 2. Boundary markers: Absent. 3. Capability inventory: File-write operations (creating and updating markdown task files). 4. Sanitization: Absent.
Audit Metadata