tasks-core
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses shell commands and external CLI tools (br, hzl, rg, grep, mv, cp, cat) as its primary mechanism for routing task operations and managing task files.\n- [EXTERNAL_DOWNLOADS]: The skill references and provides installation instructions for the HZL CLI from well-known package registries (Homebrew and NPM).\n- [PROMPT_INJECTION]: The skill has an attack surface for indirect prompt injection as it retrieves and displays untrusted data (titles, descriptions, comments) from external task backends.\n
- Ingestion points: Content is read from the tasks/ directory, the Beads database via br show, and the HZL ledger via hzl task show.\n
- Boundary markers: No specific delimiters or "ignore instructions" warnings are used when processing backend content.\n
- Capability inventory: The agent can execute shell commands and write to the filesystem.\n
- Sanitization: No sanitization or validation of the ingested content is performed before presentation to the agent.
Audit Metadata