ah-task-creator
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through the ingestion of external project files.
- Ingestion points: The skill reads content from 'prd.md' and 'AGENTS.md' to generate prompts for various subagents.
- Boundary markers: There are no explicit delimiters or protective instructions used when passing external file content to the subagents to prevent them from following instructions embedded within the data.
- Capability inventory: The agent has the ability to execute shell commands, perform git commits, and write files to the local filesystem.
- Sanitization: While a distillation step exists in the 'Specify' phase, the 'Plan' phase utilizes more direct content, increasing the risk of instruction leakage.
- [COMMAND_EXECUTION]: The skill executes local shell commands to determine context.
- Evidence: Uses 'git branch --show-current' to dynamically set the output directory and progress tracking paths.
Audit Metadata