validation-task-artifacts
Pass
Audited by Gen Agent Trust Hub on Feb 25, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill consists entirely of markdown-based instructions, checklists, and templates for manual or AI-assisted artifact review. No scripts or executables are included in the skill package.
- [PROMPT_INJECTION]: The skill processes untrusted external data (task-mapping.md, tasks.md) as part of its review function, creating an indirect prompt injection surface. However, the skill lacks high-risk capabilities—such as network operations, file system modifications, or shell execution—that could be leveraged by an attacker through this surface. Evidence found in
SKILL.md(Step 1: Gather Context) andPHASE-CHECKLISTS.md(Cross-Reference Steps). - [COMMAND_EXECUTION]: The skill documentation includes examples of shell commands (e.g.,
mkdir,dart run,touch) withinPHASE-CHECKLISTS.md. These are clearly identified as reference examples for what a 'Good Verification Task' should look like in a project plan, rather than commands to be executed by the agent itself.
Audit Metadata