task-estimation

Pass

Audited by Gen Agent Trust Hub on Jun 17, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its design, which involves processing untrusted external data sources.
  • Ingestion points: SKILL.md (Step 2) and references/intake-packets-and-route-outs.md specify that the agent should ingest artifacts such as issue lists, PRDs, specs, and note dumps to generate estimates.
  • Boundary markers: The instructions do not define clear delimiters or specific warnings to the agent to ignore or isolate instructions potentially embedded within these external documents.
  • Capability inventory: The skill allows access to Bash, Read, Write, Edit, Glob, and Grep tools to interact with the file system.
  • Sanitization: No explicit validation or filtering logic is provided to sanitize the content of the ingested project artifacts before processing.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 17, 2026, 07:06 AM
Security Audit — agent-trust-hub — task-estimation