atomic-tasks

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION] (LOW): The skill's XML schema includes a element which encourages the agent to run arbitrary shell commands (e.g., npm test, curl). This represents a significant capability that could be abused if the task source is malicious. Evidence: Found in Verification Patterns in SKILL.md and Element Reference in xml-format.md.
  • [PROMPT_INJECTION] (LOW): The skill describes a workflow for processing tasks from external markdown files (ITEM-XXX.md). This creates an indirect prompt injection surface where a malicious task could contain instructions or destructive commands. Evidence: Documented in the Parsing Tasks and Integration with Workflow sections.
    Mandatory Evidence Chain:
      1. Ingestion points: Task definitions in ITEM-XXX.md.
      2. Boundary markers: Absent from the provided XML schema.
      3. Capability inventory: Shell command execution (via npm, curl) and file system operations (create, modify, delete).
      4. Sanitization: Absent; no validation logic is provided for the commands found within the task data.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:36 PM