task-breakdown
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW
Full Analysis
- Indirect Prompt Injection (LOW): The skill accepts arbitrary natural language input to generate task cards. While it lacks explicit sanitization, the risk is limited to the generation of low-quality or misleading task documentation.
  - Ingestion points: User task descriptions via LLM interaction.
  - Boundary markers: None.
  - Capability inventory: Agent-side file writing to `src/renderer/TODO.md` and local execution of the benign `breakdown_validator.py` script.
  - Sanitization: None.
- COMMAND_EXECUTION (INFO): The provided Python script `scripts/breakdown_validator.py` performs static analysis on text files. It does not execute arbitrary shell commands or access the network.
Audit Metadata