find-task-skills

Pass

Audited by Gen Agent Trust Hub on May 6, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes procedures from external files and instructs the agent to "Follow the procedure exactly" and "Do not second-guess," reducing the agent's defensive posture against malicious instructions within those files.
  • [PROMPT_INJECTION]: Mandatory Category 8 Evidence Chain:
      • Ingestion points: Markdown files located in skills/aitc-task-<batch>/ (referenced in SKILL.md, Step 4).
      • Boundary markers: Absent. There are no instructions or delimiters to help the agent distinguish between data and potentially malicious instructions.
      • Capability inventory: Execution of a local bash script (list-task-skills.sh) and file editing capabilities (described in Step 5).
      • Sanitization: Absent. No sanitization or verification logic is applied to the content of the external files before they are processed by the agent.
  • [COMMAND_EXECUTION]: The skill executes a bundled shell script (list-task-skills.sh) to list files and parse YAML frontmatter. Although the script is a vendor-provided resource and utilizes quoting to prevent basic argument injection, it represents an active command execution capability.
Audit Metadata
Risk Level: SAFE
Analyzed: May 6, 2026, 11:27 AM