task
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill researches existing codebase files and task logs to gather context for planning. This creates a vulnerability surface where malicious instructions embedded in the analyzed code or documentation could influence the planning output or downstream automation.
- Ingestion points: Step 2 (Codebase Research) and Step 3 (TASKS.md reading) in the workflow.
- Boundary markers: Absent. There are no instructions for the agent to use delimiters or to disregard embedded instructions within the files it reads.
- Capability inventory: File system write operations for task documents and the ability to trigger the /implement agent via the Task tool.
- Sanitization: Absent. No logic is defined to filter or sanitize content retrieved during the research phase.
- [Command Execution] (SAFE): While the skill manages an automated pipeline (implement, test, document, ship), it does so using structured tool calls and predefined sub-agent prompts rather than arbitrary shell execution.
Audit Metadata