task-generation
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes content from requirement files that may contain untrusted data.
- Ingestion points: The skill reads content from
.ai/[feature-name]/prp.mdto generate tasks. - Boundary markers: There are no explicit delimiters or instructions provided to the agent to disregard instructions embedded within the PRP file.
- Capability inventory: The agent has the ability to write files to the local disk and execute git commands.
- Sanitization: The skill does not implement sanitization or validation logic for the content read from the requirement files.
- [COMMAND_EXECUTION]: The skill instructions include automated version control operations.
- Evidence: Step 10 instructs the agent to stage and commit the generated task list using a predefined commit message template.
Audit Metadata