process-task-list
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructions direct the agent to run shell commands for test suites (pytest, npm test, bin/rails test) and version control (git add, git commit). These are standard tools for the skill's stated purpose of implementing a Product Requirements Document (PRD).
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it processes external data from a 'generated task list' and 'PRD context'.
  - Ingestion points: The markdown task list and external PRD documentation.
  - Boundary markers: None specified.
  - Capability inventory: Execution of shell commands for git and language-specific test runners.
  - Sanitization: No explicit sanitization or filtering of task list content before processing.
  - Mitigation: The skill explicitly requires the agent to pause and receive user confirmation ('yes' or 'y') before starting any sub-task implementation.