task-management
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection through the processing of external data sources.
- Ingestion points: The skill reads meeting transcripts from Notion (pages prefixed with '@Date') and local context files within the
.context/directory. - Boundary markers: There are no defined delimiters or instructions to ignore embedded commands within the meeting transcripts being analyzed.
- Capability inventory: The skill uses
Read,Write, andEdittools to update local files such as.context/current-focus.mdand.context/projects/_index.mdbased on external input. - Sanitization: No sanitization or validation logic is present to filter malicious instructions embedded in meeting notes before they influence the agent's actions or local file modifications.
Audit Metadata