review-plan
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection as it processes untrusted data from task files.
- Ingestion points: The skill reads markdown files from the ./apex/tasks/ directory.
- Capability inventory: Capabilities include reading local files and using glob or ls to verify the existence of specified file paths.
- Boundary markers: No explicit delimiters or instructions are used to distinguish the task file content from the agent's core instructions.
- Sanitization: There is no evidence of content validation or sanitization for the data extracted from the task files.
Audit Metadata