Complex Task Executor
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill architecture creates an attack surface for indirect prompt injection through its task planning and execution cycle.
- Ingestion points: The agent reads the `workspace/<task-name>/plan.md` file using the `read_file` tool during the execution phase to determine its next steps.
- Boundary markers: While the skill enforces a specific Markdown structure for the plan, it does not include instructions or delimiters to isolate user-provided task details from the agent's internal instruction set.
- Capability inventory: The agent is empowered to perform arbitrary tool calls and file system operations based on the steps it generates from user descriptions.
- Sanitization: The methodology does not require the agent to validate or sanitize user-provided data before integrating it into the actionable plan file.
Audit Metadata