task
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): This skill is vulnerable to indirect prompt injection because it takes untrusted user input and includes it in generated task documents (docs/task/*.md) which are subsequently used as the instruction set for follow-up agents like /implement. An attacker could provide a malicious task description containing instructions for the implementation agent to perform unauthorized actions.
  Evidence Chain:
  1. Ingestion points: User requirements provided during discussion and existing entries in the TASKS.md file.
  2. Boundary markers: Absent; the skill does not use specific delimiters or instructions to prevent the agent from following embedded instructions in the generated markdown.
  3. Capability inventory: Writing files to the repository and utilizing the Task tool to spawn subagents for automated implementation.
  4. Sanitization: Absent; there is no evidence of input validation or escaping before user content is interpolated into task templates.