ah-create-tasks
Pass
Audited by Gen Agent Trust Hub on Mar 25, 2026
Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: Executes Git commands to retrieve environment context, including the current branch name and repository remote URL.
- [COMMAND_EXECUTION]: Reads and writes local files, including project documentation (prd.md, adr.md, AGENTS.md) and a state-tracking progress file located at ~/.agents/arinhub/progresses/.
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface due to its processing of external files and web research.
- Ingestion points: Untrusted data enters via user-provided prd.md and adr.md files (Steps 1 and 7), and through web research results gathered by the researcher sub-agent (Step 9).
- Boundary markers: Absent; the content is distilled or summarized and then interpolated directly into prompts for subsequent sub-agents without explicit delimiters.
- Capability inventory: The skill can perform Git commits, write to the repository and home directory, and spawn sub-agents with web research and command execution capabilities.
- Sanitization: Absent; the skill relies on the LLM's own distillation processes rather than formal sanitization or validation of the input file content.
- Mitigation: The workflow includes critical human-in-the-loop checkpoints during the clarification and complexity-checking phases, allowing for user review of the artifacts before final task generation.
Audit Metadata