task-management
Pass
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: SAFE PROMPT_INJECTION NO_CODE
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill encourages a workflow where the agent reads and acts upon data from external sources, which constitutes an indirect prompt injection surface.
- Ingestion points: Task descriptions and issue details from the Linear MCP, the `bd` (beads) tool, and the `FOCUS.md` file.
- Boundary markers: Absent; there are no instructions to treat task content as untrusted or to use specific delimiters.
- Capability inventory: The agent is instructed to use these tools to coordinate work and instruct subagents, effectively propagating instructions from the task data to other agents.
- Sanitization: No sanitization or validation of the input from task management tools is described.
- [No Code] (SAFE): The skill is composed entirely of markdown instructions. No shell scripts, Python files, or binary executables are included, significantly limiting the direct execution risk.
Audit Metadata