task-tracking
Pass
Audited by Gen Agent Trust Hub on Mar 2, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: Indirect prompt injection surface detected in the task orchestration workflow.\n
- Ingestion points: Task descriptions and notes are read from JSON files in the
.tasks/directory, which are populated via CLI arguments inscripts/task_tracking.sh.\n - Boundary markers:
scripts/run_task_loop.shinterpolates these values into a prompt using only basic Markdown headers, which are insufficient to prevent an agent from following instructions embedded in the data.\n - Capability inventory: The agent is empowered to execute arbitrary shell commands (via
verify-command) and performgitoperations.\n - Sanitization: No validation or escaping is applied to untrusted task data before it is included in the AI prompt.\n- [COMMAND_EXECUTION]: The skill facilitates the execution of arbitrary shell commands.\n
scripts/run_task_loop.shprovides averify-commandto the agent and explicitly instructs it to execute the command for verification.\n- The orchestration script uses the
--dangerously-skip-permissionsflag when calling the Claude CLI, disabling safety prompts for tool execution.
Audit Metadata