project-task-migrations
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
PROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (HIGH): The skill presents a high-tier vulnerability surface by reading untrusted data from local project files and using that data to drive file-writing actions.
  - Ingestion points: The skill workflow requires loading and summarizing content from /project/*.md files (SKILL.md).
  - Boundary markers: Absent. There are no specified delimiters or instructions to treat data from these files as untrusted or to ignore embedded instructions.
  - Capability inventory: The skill has the capability to create and modify files in the /project/ directory.
  - Sanitization: Absent. There is no evidence of logic to sanitize, escape, or validate external content before it is processed by the agent.
- Data Exposure (LOW): The skill performs directory traversal and file reads on local paths including /project/, AGENTS.md, and the rules/ directory. While consistent with the skill's stated purpose, this provides a surface for accessing sensitive local project data.
Recommendations
- AI detected serious security threats