task-focus
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Findings: PROMPT_INJECTION, COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
- PROMPT_INJECTION (HIGH): The skill processes untrusted content from external task files without boundary markers or sanitization. Ingestion points: The task-file argument and the content of the file being parsed. Boundary markers: Absent. Capability inventory: Performs file movement (git mv), updates file content, and interacts with the TodoWrite tool. Sanitization: Absent. Malicious instructions inside a task file could influence the agent's behavior during the parsing and display stages.
- COMMAND_EXECUTION (HIGH): The skill accepts an arbitrary file path as a parameter and instructs the agent to move it to a specific directory. This can be exploited to relocate sensitive system files (e.g., SSH keys or configuration files) into the skill's working directory.
- DATA_EXFILTRATION (MEDIUM): The process of parsing arbitrary file content and loading it into the TodoWrite tool could lead to sensitive information from system files being exposed within the agent's context or tool logs.
Recommendations
- AI detected serious security threats
Audit Metadata