task-estimation
Pass
Audited by Gen Agent Trust Hub on Jun 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its design, which involves processing untrusted external data sources.
- Ingestion points:
SKILL.md(Step 2) andreferences/intake-packets-and-route-outs.mdspecify that the agent should ingest artifacts such as issue lists, PRDs, specs, and note dumps to generate estimates. - Boundary markers: The instructions do not define clear delimiters or specific warnings to the agent to ignore or isolate instructions potentially embedded within these external documents.
- Capability inventory: The skill allows access to
Bash,Read,Write,Edit,Glob, andGreptools to interact with the file system. - Sanitization: No explicit validation or filtering logic is provided to sanitize the content of the ingested project artifacts before processing.
Audit Metadata