implementation-task-creator
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by ingesting data from local architecture files to generate task files and update project state. Ingestion points: Architecture markdown files located at {project_path}/architecture/{component}.md. Boundary markers: None; the agent processes the file content directly. Capability inventory: The skill uses Write and Edit file capabilities to create task files and modify project state. Sanitization: No content validation or sanitization is performed on the ingested data.
- [COMMAND_EXECUTION]: The workflow includes instructions to run ddev phpunit commands, which is standard behavior for verifying TDD steps in the targeted Drupal development environment.
Audit Metadata