add-task
Pass
Audited by Gen Agent Trust Hub on Apr 23, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a local shell script
${CLAUDE_PLUGIN_ROOT}/scripts/create-folders.shto initialize the required directory structure for task management. - [PROMPT_INJECTION]: The skill represents a surface for indirect prompt injection by persisting raw, untrusted user input into markdown files within the
.specs/tasks/directory. If downstream processes or agents read these files and treat the content as instructions, they could be compromised. - Ingestion points: User input argument (task title/description).
- Boundary markers: Absent; the input is written directly into a markdown section without escaping or explicit instruction delimiters.
- Capability inventory: Uses the
Writetool to create files andbashfor folder initialization. - Sanitization: No sanitization or validation is performed on the user-provided text before it is written to the file system.
Audit Metadata