implement-task
Pass
Audited by Gen Agent Trust Hub on Apr 23, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: Indirect prompt injection surface. The skill relies on external task files to define the implementation workflow and evaluation rubrics.
  - Ingestion points: Reads task definitions from .specs/tasks/ or user-specified paths in Phase 0 and 1.
  - Boundary markers: Absent. The skill interpolates step titles and rubric descriptions directly into sub-agent prompts without delimiters or instructions to ignore embedded commands.
  - Capability inventory: The orchestrator can launch sub-agents, execute shell commands (git, ls), and modify project files.
  - Sanitization: Absent. No validation is performed on the content parsed from the task files.
- [COMMAND_EXECUTION]: The skill uses git and shell commands for file management and change detection. While intended for orchestration, these capabilities could be misused if input paths were manipulated through a malicious task file.