find-next-task
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8) by processing untrusted data from project files.
- Ingestion points: Reads JSON files from 'docs/plans/', the root, or recursively via '**/*.json'.
- Boundary markers: No delimiters or warnings are used to tell the agent that the plan content is untrusted.
- Capability inventory: The output contains 'steps', 'description', and 'files' which directly guide the agent's next operations.
- Sanitization: Validates JSON structure but does not filter the text content for malicious commands.
Audit Metadata