plan-task
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
PROMPT_INJECTION, NO_CODE
Full Analysis
- [NO_CODE]: The skill consists entirely of natural language instructions and does not include any executable scripts or binary files.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection by design, as it interprets data from the project repository.
  - Ingestion points: The skill reads the task.md file and performs a scan of the entire repository codebase to gather context.
  - Boundary markers: There are no delimiters or specific instructions to the agent to treat file content as untrusted data or to ignore embedded instructions.
  - Capability inventory: The agent has the capability to read files, scan directories, and write/update the task.md file in the project root.
  - Sanitization: No sanitization or validation logic is defined to filter malicious instructions out of the ingested file content before it is processed by the model.
Audit Metadata