task-planner
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the Bash tool to read environment configuration variables, specifically CLAUDE_MAX_CONCURRENT and CLAUDE_CODE_EXPERIMENTAL_AGENT_TEAMS, to configure its internal planning logic.
- [EXTERNAL_DOWNLOADS]: The skill lists WebFetch as an allowed tool, which grants the agent the capability to retrieve external resources from the internet during the task analysis phase.
- [PROMPT_INJECTION]: As a task planner, the skill is inherently exposed to indirect prompt injection through the analysis of user requests and repository files.
  - Ingestion points: Processes untrusted content from user instructions and codebase files retrieved via Read, Grep, and Glob tools.
  - Boundary markers: There are no explicit instructions for using delimiters or boundary markers to distinguish between system instructions and data from external files.
  - Capability inventory: The planning agent has the ability to execute Bash commands, perform web fetches, and create new tasks with specific instructions through the TaskCreate tool.
  - Sanitization: The instructions do not provide a mechanism for sanitizing or filtering instructions that might be embedded within the files being analyzed during the exploration phase.
Audit Metadata