task-dependency-patterns
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The task management patterns involve processing and acting upon user-supplied task subjects and descriptions, which serves as an ingestion surface for indirect prompt injection.\n
- Ingestion points: The
scripts/task-tree-visualizer.pyutility processes task JSON from stdin, and agents retrieve task data usingTaskListandTaskGettools.\n - Boundary markers: No specific delimiters or instructions to ignore nested directives within task metadata are established in the rules or reference materials.\n
- Capability inventory: The skill provides a Python script for execution and defines patterns for spawning subagents and teammates via the
Tasktool.\n - Sanitization: No input validation, escaping, or sanitization logic is implemented for the task content fields.\n- [Static Analysis] (SAFE): The documentation and rules strictly adhere to its stated purpose of improving workflow efficiency and multi-agent coordination. No prompt injection overrides or obfuscation techniques were found.\n- [Code Analysis] (SAFE): The
scripts/task-tree-visualizer.pyscript is a secure implementation that uses only standard Python libraries and includes cycle detection to prevent infinite recursion when visualizing dependency trees.
Audit Metadata