Skills
skills/wintree86/plan-task-fix/task/Gen Agent Trust Hub

task

Pass

Audited by Gen Agent Trust Hub on Mar 12, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface. \n
  • Ingestion points: The skill ingests untrusted data from plan.md, backlog.md, and other repository files using Read, Grep, and Glob tools as defined in SKILL.md and the agent files. \n
  • Boundary markers: There are no explicit delimiters or boundary markers used to separate external file content from the agent's internal instructions, allowing potential instructions within a plan to be interpreted as commands. \n
  • Capability inventory: The skill possesses Edit and Write capabilities (task-tracker.md, wrap-coordinator.md), enabling it to modify the file system based on its processing of the input documents. \n
  • Sanitization: No evidence of sanitization, filtering, or validation is present for the content read from files before it is processed by the agent.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 12, 2026, 11:30 PM