task
Pass
Audited by Gen Agent Trust Hub on Mar 25, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface because it processes project files such as 'LEARNINGS.md' and user-provided instructions to inform its research and planning phase. This is an inherent part of the task-planning workflow.\n
- Ingestion points: 'Workflow Step 0' (reading 'LEARNINGS.md') and 'Workflow Step 1' (gathering user requirements).\n
- Boundary markers: No explicit markers are used to separate untrusted data from the internal prompt logic.\n
- Capability inventory: File system operations (reading/writing to 'docs/task/' and 'TASKS.md'), codebase searching ('Glob', 'Grep'), and triggering other agent skills via the 'Task' tool.\n
- Sanitization: No explicit sanitization or validation of the ingested content is described before it is used to generate new task documents.\n- [COMMAND_EXECUTION]: Uses standard filesystem search utilities ('Glob', 'Grep') for codebase research. These actions are limited to the repository context and are necessary for the skill's stated purpose of gathering context for new feature development.\n- [EXTERNAL_DOWNLOADS]: Includes a reference to the author's official GitHub repository ('https://github.com/eljun/workflow-skills') within the versioning metadata. This is a passive documentation link and does not facilitate automated remote code execution or unauthorized downloads.
Audit Metadata