task-checker
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill directs the agent to execute local test commands such as pytest, npm test, go test, cargo test, and ctest. This capability is necessary for its auditing function but poses a risk if auditing untrusted projects.
- [PROMPT_INJECTION]: The skill processes JSON plan files which serve as an indirect prompt injection surface. 1. Ingestion points: Task descriptions and criteria from the plan file. 2. Boundary markers: No delimiters are used to separate untrusted plan content. 3. Capability inventory: Execution of shell commands and file writing via the update_plan parameter. 4. Sanitization: The skill does not describe any sanitization of the input plan data.
Audit Metadata