task-loop
Pass
Audited by Gen Agent Trust Hub on Apr 5, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted backlog files to generate persistent instructions, creating an indirect prompt injection surface.
- Ingestion points: Reads backlog.md (or user-provided path) in SKILL.md Step 1 and 2.
- Boundary markers: Absent; the generated PROMPT.md does not use delimiters to isolate adapted content.
- Capability inventory: The skill uses file-writing tools to create PROMPT.md, run-log.md, and .gitignore.
- Sanitization: Absent; content from the backlog is directly adapted into the generated prompt template.
Audit Metadata