task-decomposer
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through its primary input mechanism.
- Ingestion points: Untrusted data enters the agent's context through the 'problem-description' argument defined in SKILL.md.
- Boundary markers: The instructions lack explicit delimiters or markers to isolate the user-provided task description from the agent's instructions.
- Capability inventory: The skill is permitted to use file-system tools (Read, Grep, Glob) which could be leveraged to access sensitive files if the agent is manipulated by injected instructions in the description.
- Sanitization: There is no logic provided to sanitize or validate the user-provided input before processing.
- [NO_CODE]: The skill is composed entirely of instructional content and metadata; no executable code, Python scripts, or Node.js packages are included.
Audit Metadata