cy-create-tasks
Pass
Audited by Gen Agent Trust Hub on May 11, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill executes the `compozy tasks validate` command to check the integrity of the task breakdown. This command is part of the vendor's local toolchain and operates on project-specific data.
- [PROMPT_INJECTION]: The skill processes external PRD and TechSpec documents which could contain indirect prompt injection instructions.
  - Ingestion points: Reads from `_prd.md`, `_techspec.md`, and ADR files located in the `.compozy/tasks/<name>/` directory.
  - Boundary markers: The skill uses defined markdown sections for its own output but does not implement special delimiters or warnings when reading source documentation content.
  - Capability inventory: The skill can explore the local codebase, write files to the `.compozy` directory, and execute the `compozy` command-line utility.
  - Sanitization: No programmatic sanitization of input documentation is performed; however, the process includes a manual user review and approval step that mitigates the risk of the agent following malicious instructions embedded in the requirements.
Audit Metadata