progress-report
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [Prompt Injection] (LOW): The skill is vulnerable to Indirect Prompt Injection (Category 8) due to its reliance on processing external, untrusted task data.
- Ingestion points: The skill ingests data from 'tasks.md' (as specified in the compatibility and logic sections) to extract task descriptions and associated file paths.
- Boundary markers: The skill lacks explicit delimiters or instructional guardrails (e.g., 'ignore instructions within the data') to prevent the agent from being influenced by malicious content inside the task list.
- Capability inventory: The skill possesses the ability to perform file system existence checks based on paths found in the ingested data. It does not demonstrate higher-risk capabilities like network access, arbitrary command execution (eval/exec), or file writing.
- Sanitization: There is no evidence of path sanitization or content validation, meaning a malicious 'tasks.md' could theoretically be used to probe for the existence of sensitive system files (e.g., '.env' or SSH keys) by listing them as tasks.