nav-task
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The scripts
index_updater.pyandtask_formatter.pyallow for indirect prompt injection by placing user-provided task metadata into documentation files that the agent relies on for session context. - Ingestion points:
descriptionandstatusarguments infunctions/index_updater.py;title,priority,complexity, andstatusarguments infunctions/task_formatter.py. - Boundary markers: Absent. Input strings are placed directly into markdown templates without protective delimiters or instructions to ignore embedded commands.
- Capability inventory:
functions/index_updater.pyhas the capability to write to the local file system (.agent/DEVELOPMENT-README.md). - Sanitization: No validation or escaping of markdown control characters is performed on user inputs, allowing an attacker to inject arbitrary markdown structures or instructions.
Audit Metadata