task-folder-migrator
Warn
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes shell commands via Bash to manage the file system during migration.
- Evidence: Step 4C and 4E use commands like
mkdir -p "{project_path}/implementation_process/in_progress/{task_name}"andmv "{project_path}/.../{task_name}.md" .... - Risk: The variables
{project_path}and{task_name}are derived from the environment or existing file names. Because these are wrapped in double quotes rather than single quotes in the bash string, shell metacharacters such as$(...)or`could be evaluated, leading to arbitrary command execution if a file is maliciously named. - [PROMPT_INJECTION]: The skill exhibits an Indirect Prompt Injection surface (Category 8).
- Ingestion points: The skill reads untrusted content from existing markdown task files using the
Readtool in Step 4A. - Boundary markers: No delimiters or specific instructions (e.g., 'treat the following as data only') are present to isolate the read content from the agent's logic.
- Capability inventory: The agent has access to
Bash(system commands),Write(file creation), andRead(file access) across all migration scripts. - Sanitization: No validation or escaping is performed on the extracted content before it is interpolated into new file templates in Step 4D.
- Risk: Malicious instructions embedded within a task file's content could be interpreted by the agent as instructions during the parsing and migration process, particularly in 'Automatic Mode' where user confirmation is bypassed.
Audit Metadata