task-agent
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: All filesystem interactions are mediated by the task_manager.py script, which enforces specific Kanban operations. This prevents the agent from performing arbitrary or direct manipulation of the host filesystem.
- [PROMPT_INJECTION]: The skill processes user-provided task content through its 'get' and 'search' commands.
  1. Ingestion points: Markdown files in lane directories are read by task_manager.py.
  2. Boundary markers: Task content is displayed to the agent without explicit isolation markers.
  3. Capability inventory: File read/write and directory management mediated by the CLI.
  4. Sanitization: Filenames are sanitized for safety, but task body content is processed as raw text.

  This represents a surface for indirect prompt injection, but the risk is low due to the skill's restricted capabilities.
- [SAFE]: Analysis confirms the skill is focused on its stated purpose. No hardcoded credentials, remote downloads from unknown sources, or persistence mechanisms were found in the provided files.
Audit Metadata