taskfile-automation
Fail
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: HIGHCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION] (HIGH): Indirect Prompt Injection vulnerability through untrusted project data.
- Ingestion points: The skill explicitly directs the agent to read and parse
Taskfile.ymlandTaskfile.yamlfrom the current workspace. - Capability inventory: The skill facilitates the execution of arbitrary shell commands through the
taskbinary based on the contents of these external files. - Boundary markers: No instructions are provided to the agent to distinguish between safe automation and malicious command injection within the task definitions.
- Sanitization: There is no requirement or guidance for the agent to sanitize, validate, or even inspect the underlying shell commands before executing them.
- [COMMAND_EXECUTION] (HIGH): Execution of arbitrary commands from an external source.
- The skill encourages the agent to 'Always prefer task commands over direct shell/language commands,' which effectively masks the underlying commands being executed, making it easier for malicious payloads in a
Taskfileto go unnoticed during the 'discovery' phase.
Recommendations
- AI detected serious security threats
Audit Metadata