spawn-task
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [Prompt Injection] (LOW): Vulnerability to indirect prompt injection through user-supplied task descriptions and requirements. Evidence: 1. Ingestion points: User input for 'Task Description', 'Scope', and 'Requirements' fields in SKILL.md used in the task prompt template. 2. Boundary markers: Absent; user input is directly interpolated into markdown sections without delimiters or 'ignore embedded instructions' warnings. 3. Capability inventory: Includes find and gh for discovery, and the ability to write new markdown files to the docs/tasks/ directory. 4. Sanitization: Absent; no escaping or validation is performed on the user-provided strings before they are written to disk.
- [Command Execution] (SAFE): Employs standard utilities like find, ls, and gh for project discovery. These operations are used for information gathering and are consistent with the skill's primary purpose.
Audit Metadata