Skills
skills/charon-fan/agent-playbook/long-task-coordinator/Gen Agent Trust Hub

long-task-coordinator

Pass

Audited by Gen Agent Trust Hub on Mar 13, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by processing externalized state data.
  • Ingestion points: The skill reads state files (e.g., docs/<topic>-state.md) to recover task status at the start of each coordination cycle, as described in SKILL.md and references/workflow.md.
  • Boundary markers: There are no explicit delimiters or instructions provided to the agent to treat the contents of the state file as untrusted data or to ignore instructions embedded within those files.
  • Capability inventory: The skill allows the use of the Bash tool and file-system modification tools (Write, Edit) to advance tasks, which creates a risk if the agent's actions are influenced by malicious content within a state file.
  • Sanitization: No sanitization or validation logic for the state file content is specified before the agent processes it for decision-making.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 13, 2026, 05:39 PM