task-planner
Pass
Audited by Gen Agent Trust Hub on Mar 26, 2026
Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill acts as a task planner that ingests potentially untrusted task descriptions and converts them into structured commands, creating a surface for indirect prompt injection.
  - Ingestion points: User-provided task statements, assumptions, and project requirements processed in SKILL.md.
  - Boundary markers: Absent; there are no explicit delimiters or instructions to ignore embedded commands within the processed data.
  - Capability inventory: Use of the synapse CLI for task creation, assignment, and plan management.
  - Sanitization: Absent; task descriptions are passed directly as arguments to CLI commands without visible escaping or validation.
- [COMMAND_EXECUTION]: The skill utilizes shell-based command substitution and pipelining to manage task identifiers and workflow orchestration.
  - Evidence: Examples in SKILL.md demonstrate using $(...) and awk to extract task IDs from the output of synapse commands and pass them into subsequent shell variables and logic.