scope-task
Pass
Audited by Gen Agent Trust Hub on Mar 23, 2026
Risk Level: SAFEPROMPT_INJECTIONDATA_EXFILTRATIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection where malicious instructions could be embedded in data it processes.
- Ingestion points: The skill reads external project context from ROADMAP.md and SPEC.md files, and accepts a Task Title directly from user input.
- Boundary markers: The instructions do not define clear delimiters or use 'ignore embedded instructions' warnings when handling these inputs.
- Capability inventory: The skill possesses file-write capabilities via the Edit tool and network access via the WebSearch tool.
- Sanitization: There is no evidence of sanitization, escaping, or validation of the content read from files or provided by the user before it is used to compose the action item or perform research.
- [DATA_EXFILTRATION]: The skill incorporates architectural details from SPEC.md into WebSearch queries. While necessary for the stated research purpose, this behavior results in the disclosure of project-specific information to external search engines.
- [COMMAND_EXECUTION]: The skill uses the Edit tool to modify local files based on generated content. If the agent's reasoning is compromised by poisoned input or documentation, it could be manipulated into performing unauthorized or destructive edits to the project's roadmap file.
Audit Metadata