create-tasks
Pass
Audited by Gen Agent Trust Hub on Mar 30, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits a vulnerability surface for indirect prompt injection via the processing of untrusted project documentation.
- Ingestion points: The skill reads product requirements documents (_prd.md), technical specifications (_techspec.md), and architectural decision records (ADRs) from the tasks directory, and explores the codebase via tool calls.
- Boundary markers: The instructions lack explicit delimiters or warnings to ignore potentially malicious instructions embedded within the ingested files during the enrichment process.
- Capability inventory: The skill has file-writing capabilities to generate and enrich task files that guide future agent or developer implementation work.
- Sanitization: No evidence of sanitization, validation, or escaping of ingested file content is present in the skill workflow.
Audit Metadata