next-task
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill possesses an attack surface for indirect prompt injection by design.
  - Ingestion points: Content retrieved from the 'rune next' command output and files referenced in 'front_matter_references'.
  - Boundary markers: Absent. There are no instructions or delimiters defined to distinguish between data and instructions within the task content.
  - Capability inventory: The agent is instructed to execute local commands via the 'rune' tool, read project files, and spawn autonomous subagents to handle work streams.
  - Sanitization: Absent. The skill lacks any logic to validate or sanitize external task descriptions or file content before implementation.