task-completer
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill utilizes WebFetch to retrieve Drupal security guidance from 'https://camoa.github.io/dev-guides/drupal/security/'. This domain is an official resource belonging to the author 'camoa' and is used as a reference for quality gates.
- [COMMAND_EXECUTION]: The skill employs a Bash command to move task files from an 'in_progress' directory to a 'completed' directory using the 'mv' utility. This is a standard file management operation consistent with the skill's purpose.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it reads and processes the content of task files during the completion workflow.
- Ingestion points: Content is read from '{project_path}/implementation_process/in_progress/{task}.md' in the 'Verify Completion' step.
- Boundary markers: The skill does not implement specific delimiters or instructions to ignore embedded commands when reading the task documentation.
- Capability inventory: The skill has the capability to execute Bash commands (mv) and perform file edits.
- Sanitization: No explicit validation or sanitization of the markdown file content is performed prior to the agent processing the text.
Audit Metadata