task-generator

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH (PROMPT_INJECTION)
Full Analysis
  • [PROMPT_INJECTION] (HIGH): Vulnerable to Indirect Prompt Injection through untrusted external data.
      • Ingestion points: The skill ingests data from 'specs or requirements' provided by the user or external files.
      • Boundary markers: There are no markers or instructions to isolate the specification text or tell the agent to ignore embedded instructions within the data.
      • Capability inventory: The skill has the capability to write files to the local system (at /tasks/tasks-[feature-name].md) and it generates shell commands like git checkout and npx jest for the user to run.
      • Sanitization: No sanitization or validation of the input spec is performed before it is translated into a task list. A malicious spec could include instructions that the agent converts into dangerous 'tasks' for a junior developer to execute.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 16, 2026, 08:23 AM