task-breakdown

Pass

Audited by Gen Agent Trust Hub on Mar 5, 2026

Risk Level: SAFE, PROMPT_INJECTION, NO_CODE
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by using external user input to define task objectives and criteria.
      • Ingestion points: User-provided feature descriptions are ingested through the $ARGUMENTS parameter in SKILL.md.
      • Boundary markers: There are no delimiters or specific instructions to the agent to treat the interpolated user input as untrusted data.
      • Capability inventory: The skill utilizes file-system write capabilities to create task definitions in the .tmp/tasks/ directory and references other executable skills.
      • Sanitization: No input validation, escaping, or output sanitization is performed on the data before it is written to the task files.
  • [NO_CODE]: The skill consists solely of markdown-based instructions and does not include any executable scripts, binaries, or source code files.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 5, 2026, 12:50 PM