Skills
skills/levnikolaevich/claude-code-skills/ln-300-task-coordinator/Gen Agent Trust Hub

ln-300-task-coordinator

Pass

Audited by Gen Agent Trust Hub on Mar 12, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through the processing of external task data.
  • Ingestion points: The skill ingests untrusted data from storyId (via CLI args, git branch names, or kanban entries), Story Acceptance Criteria (AC), and Technical Notes (Phase 2).
  • Boundary markers: No explicit delimiters or instructions to ignore embedded commands within the story content are defined.
  • Capability inventory: The skill executes shell-based grep commands on the local source code and delegates task operations to worker skills (ln-301, ln-302) with autoApprove=true (Phase 4).
  • Sanitization: No evidence of sanitization, escaping, or validation of the story content before it is used to build plans or passed to workers.
  • [COMMAND_EXECUTION]: The skill performs automated discovery by executing commands on the local environment.
  • Evidence: Phase 2 explicitly instructs the agent to "Grep src/ for error handlers, validators, utilities" to find reusable patterns.
  • [DATA_EXPOSURE]: The skill accesses multiple sensitive local project files to discover context.
  • Evidence: It reads docs/tasks/kanban_board.md, CLAUDE.md, and any files matching technical notes or context for the story being processed.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 12, 2026, 08:31 AM