feature-tasks-work

Pass

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill requires the agent to execute a local script scripts/taskctl (which acts as a wrapper for taskctl.mjs) to manage the task queue and orchestration state. While this is the intended functionality, it involves the execution of script code provided within the skill.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8) because it reads content from project-specific files and interpolates it into prompts for sub-agents.
  • Ingestion points: Untrusted data enters the context from planning/<title-slug>/SPEC.md and tasks.yaml.
  • Boundary markers: The instructions do not specify delimiters around the interpolated file content, nor an explicit instruction to the sub-agent to treat that content as data and ignore any instruction-like text inside it, so nothing separates the file content from the agent's own delegation instructions.
  • Capability inventory: The orchestrator agent has the capability to execute local scripts, read/write planning and status files, and communicate with other model instances.
  • Sanitization: There is no mention of sanitization, filtering, or validation of the content read from SPEC.md or tasks.yaml before it is used in outbound prompts.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 1, 2026, 07:46 PM