doc-tasks-autopilot
Pass
Audited by Gen Agent Trust Hub on Mar 2, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes shell commands (`ls`) to verify the existence of nested folder structures and executes a local Python script (ai_dev_flow/scripts/update_traceability_matrix.py) to update project metadata. These operations are restricted to the local project directory.
- [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection (Category 8) because it ingests and processes untrusted data from specification documents to automate task generation.
  - Ingestion points: The skill reads input from `SPEC-NN` and `TSPEC-NN` documents located in the `docs/` directory.
  - Boundary markers: While it follows the `IPLAN-004` standard for input resolution, the skill description does not specify the use of delimiters or 'ignore' instructions to isolate untrusted text during the generation process.
  - Capability inventory: The skill is capable of reading/writing files, executing shell commands/Python scripts, and invoking a chain of other internal skills (`doc-tasks-fixer`, `doc-tasks-reviewer`, etc.).
  - Sanitization: No explicit sanitization, escaping, or validation of the content within the upstream specification documents is mentioned prior to its interpolation into the task generation pipeline.
Audit Metadata