unified-taskflow
Pass
Audited by Gen Agent Trust Hub on Feb 25, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill uses authoritative directives to enforce a specific workflow and tool usage, such as overriding default artifact handling. These instructions are aimed at maintaining operational consistency within the provided framework rather than bypassing security protocols. Additionally, the skill processes user-provided task descriptions which are stored in grounding files; however, the framework incorporates explicit boundary markers like the 'Anchor Mirror' and a 'Re-grounding Protocol' to mitigate the risk of intent drift through its ingestion points (anchor.md, checkpoint.md) and capability to write files.
- [COMMAND_EXECUTION]: The skill includes and references local Python scripts (task-lifecycle.py, session-catchup.py) to manage task lifecycle and file synchronization. These scripts perform standard file system operations, such as creation, moving, reading, and writing, strictly within the project's .taskflow/ directory and do not execute external or untrusted code.
Audit Metadata