tasks
Pass
Audited by Gen Agent Trust Hub on Feb 25, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection via the processing of untrusted specification files.
  - Ingestion points: The skill reads data from `specs/product_specs.md`, `specs/architecture.md`, and `specs/design_system.md` (or corresponding directories) in Step 1.
  - Boundary markers: Absent. The workflow does not use specific delimiters or instructions to prevent the agent from obeying commands that might be hidden within these markdown files.
  - Capability inventory: The skill has the capability to invoke subagents (`groundwork:researcher:researcher`), call validation tools (`groundwork:task-validation-loop`), and write output to the filesystem (`specs/tasks.md`).
  - Sanitization: Absent. Data extracted from the architecture and PRD files is directly interpolated into the research prompt for the subagent in Step 3 without escaping or validation.