research-task-splitter

Pass

Audited by Gen Agent Trust Hub on Mar 8, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection through its processing of external research plan files.
    • Ingestion points: The skill ingests data from files located at 'research/**/*-research-plan.md' (Step 1).
    • Boundary markers: No markers are defined to help the agent distinguish between legitimate research data and potentially malicious instructions embedded in the plans.
    • Capability inventory: The agent has the capability to read local files and write JSON files to the filesystem (Step 3).
    • Sanitization: The skill does not specify any sanitization for the 'slug' identifier or the subtask descriptions, which are extracted directly from untrusted input and used to define file paths and content.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 8, 2026, 01:28 PM