ah-create-tasks
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFE (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill performs legitimate git operations such as 'git branch' and '/commit', and utilizes the '/speckit' toolset to generate and manage documentation artifacts.
- [PROMPT_INJECTION]: The skill has an attack surface for Indirect Prompt Injection.
  - Ingestion points: It processes content from 'prd.md', 'adr.md', 'AGENTS.md', and external information retrieved via web research tools.
  - Boundary markers: No explicit delimiters or instructions are provided to the subagents to ignore or isolate potentially malicious instructions embedded within these input files.
  - Capability inventory: Orchestrated subagents possess capabilities for file creation, file modification, and git repository management.
  - Sanitization: The skill lacks validation or sanitization mechanisms for the data ingested from external or user-provided files before it is processed by high-reasoning models.
Audit Metadata