task-plan
Pass
Audited by Gen Agent Trust Hub on Apr 5, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it transforms untrusted external input into executable instructions without sanitization.
- Ingestion points: SKILL.md instructs the agent to read from URLs, file paths, and external text (Step 1).
- Boundary markers: The skill lacks instructions to wrap untrusted data in delimiters or warn the agent to ignore embedded instructions.
- Capability inventory: The agent generates a backlog.md file containing 'Verification' steps that are designed to be run as shell commands.
- Sanitization: There are no steps to validate or filter the ingested data before it is written to the output file.
Audit Metadata