ai-native-dev

Warn

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: MEDIUM | PROMPT_INJECTION
Full Analysis
  • Indirect Prompt Injection (MEDIUM): The skill is susceptible to instructions embedded in the project's task board that could manipulate agent behavior.
  • Ingestion points: The agent is instructed to read TASKS.md from the project root at the start of every session and periodically during development.
  • Boundary markers: None. There are no delimiters or instructions provided to the agent to treat the contents of TASKS.md as untrusted data.
  • Capability inventory: The agent has file system write access (specifically to TASKS.md) and is empowered to make autonomous decisions regarding prioritization, effort estimation, and status updates.
  • Sanitization: None. The skill explicitly commands the agent to 'not ask permission' and 'just do it' when updating the file, removing the human-in-the-loop safeguard.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 16, 2026, 10:17 AM