doc-tasks-fixer
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes shell commands, specifically sha256sum, to verify the integrity of upstream documentation files during the drift detection phase.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its core workflow of processing external audit and review reports to determine and execute file system modifications and content updates.
- Ingestion points: The skill ingests data from external TASKS-NN.A_audit_report_vNNN.md files and legacy review documents.
- Boundary markers: The documentation does not specify the use of delimiters or 'ignore' instructions to prevent the agent from obeying malicious commands embedded within the input reports.
- Capability inventory: The skill utilizes powerful file system capabilities including directory creation (os.makedirs), file relocation (shutil.move), and direct content manipulation (Path.write_text).
- Sanitization: No sanitization or validation logic is described for the instructions or data extracted from the external reports before they are used to influence agent behavior or modify files.
Audit Metadata