subagents-tasks
Pass
Audited by Gen Agent Trust Hub on Mar 30, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted input to generate markdown files that serve as instructions for other agents, creating an indirect prompt injection surface.
- Ingestion points: Untrusted content is ingested from PRDs, issue lists, todo lists, and conversation transcripts in the step-by-step process.
- Boundary markers: There are no explicit instructions or delimiters used to separate user-provided content from agent instructions, which could lead to sub-agents executing embedded commands.
- Capability inventory: The skill instructs the agent to use the 'create_file' tool to write task control and execution files to the filesystem.
- Sanitization: No input validation or sanitization logic is implemented to handle potentially malicious instructions contained within the user-supplied data.
Audit Metadata