tasknotes
Pass
Audited by Gen Agent Trust Hub on May 2, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: Indirect Prompt Injection Surface
- The skill processes untrusted content from markdown task files within the user's vault, which creates a surface for indirect prompt injection where malicious instructions could influence agent behavior.
- Ingestion points: Multiple workflows in SKILL.md (Workflows 2, 3, 4, 5, 6, 8, and 9) require reading the full content of existing task files into the agent's context.
- Boundary markers: There are no instructions in the skill to use delimiters or specific guidance for the agent to treat ingested file content strictly as data rather than potential instructions.
- Capability inventory: The skill possesses extensive filesystem write access to create, modify, and move files within the task directory, representing a significant capability if the agent is compromised by injected instructions.
- Sanitization: No sanitization, validation, or filtering of the content read from files is defined in the skill's instructions.
Audit Metadata