gtm-task-generator
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is a template generator that collects user input and writes it directly into a TASK.md file intended for consumption by an autonomous agent ('Ralph'). This creates an indirect prompt injection surface.
- Ingestion points: User input collected during the campaign setup workflow (Product, Goal, Tasks).
- Boundary markers: None; the user input is interpolated directly into the markdown structure without delimiters.
- Capability inventory: The skill writes files to the local file system and suggests a local script execution command.
- Sanitization: No sanitization is performed on user-provided strings before they are saved to the filesystem.
Audit Metadata