task-scaler
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill reads from .claude/config.yaml at session start to determine task thresholds. This creates a surface where external data enters the session context.
- Ingestion points: .claude/config.yaml via yq in SKILL.md.
- Boundary markers: Absent.
- Capability inventory: The skill only performs a configuration read; no network, file-write, or code execution capabilities are present in the skill's scripts.
- Sanitization: Absent.
- Command Execution (SAFE): The SessionStart hook uses a benign shell command to check for the yq utility and load local settings. This is a standard operational pattern for configuration management.
Audit Metadata