task-tracker

Pass

Audited by Gen Agent Trust Hub on Mar 7, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes various shell commands such as sed -i, grep, find, and mkdir to perform file operations and update task statuses. These commands are triggered by natural language inputs to manipulate local documentation files.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through the processing of untrusted task data and user-provided variables.
      • Ingestion points: The agent reads task titles, descriptions, and implementation steps from Markdown files stored in docs/tasks/active/ using cat and grep.
      • Boundary markers: The skill lacks explicit boundary markers or instructions to the agent to ignore potentially malicious content embedded within the task files it processes.
      • Capability inventory: The skill possesses the ability to execute shell commands, specifically using sed -i for in-place file editing and find for file searching, which can be exploited if variables are manipulated.
      • Sanitization: There is no evidence of sanitization or escaping of user-provided inputs (such as the task title or step numbers) before they are used as variables in shell scripts, creating a surface for command injection.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 7, 2026, 09:04 AM