execute-task
Pass
Audited by Gen Agent Trust Hub on Feb 25, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: Susceptibility to Indirect Prompt Injection.
- Ingestion points: Reads from 'specs/tasks.md', 'specs/product_specs.md', and 'specs/architecture.md'.
- Boundary markers: Uses labels like 'GOAL:' and 'ACTION ITEMS:' but lacks strict delimiters or instructions for subagents to ignore nested commands.
- Capability inventory: The 'task-executor' subagent possesses 'implement-feature' and 'use-git-worktree' skills, allowing file and repository modifications.
- Sanitization: Content is interpolated directly into agent prompts without escaping or validation.
- [COMMAND_EXECUTION]: Executes shell and git commands.
- Uses 'git worktree', 'git merge', and 'git branch' to manage code changes.
- These actions are fundamental to the skill's purpose of orchestrating task implementation.
Audit Metadata