tasks-spec-update
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION] (SAFE): The skill utilizes local shell commands (
git,grep,find) to analyze source code and specifications. It includes a bash loop in Phase 4 for cross-referencing file contents. These operations are restricted to the local environment and are standard for the tool's documented purpose. - [DATA_EXFILTRATION] (SAFE): No network operations or external data transfer mechanisms (e.g., curl, wget) are present. All analysis and writing are performed within the local filesystem.
- [PROMPT_INJECTION] (SAFE): The skill contains no instructions designed to override the agent's core safety protocols or system prompts.
- [INDIRECT_PROMPT_INJECTION] (LOW): The skill has a defined attack surface for indirect prompt injection.
- Ingestion points: Reads content from the local filesystem via
git diff,grep, andfind(SKILL.md, Phase 1 and 4). - Boundary markers: Absent; there are no delimiters or instructions to ignore embedded commands in the files being analyzed.
- Capability inventory: The skill has
Bash,Write, andEditpermissions, allowing it to modify files based on ingested data. - Sanitization: Absent; the skill directly processes and cross-references file content without evident sanitization logic.
Audit Metadata