task
Pass
Audited by Gen Agent Trust Hub on May 4, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection as it ingests and processes content from potentially untrusted files within the repository.
- Ingestion points: The agent is directed to read CLAUDE.md, LEARNINGS.md, and arbitrary codebase files identified via Glob and Grep tools in Step 0 and Step 2.
- Boundary markers: The skill does not define delimiters or instructions to treat the ingested project content as non-executable data.
- Capability inventory: The agent possesses file-writing capabilities (creating docs/task/*.md and updating TASKS.md) and the ability to trigger a secondary implementation agent via the Task() sub-agent call.
- Sanitization: There is no evidence of sanitization or filtering of the content retrieved from the codebase before it is embedded into the task documentation or passed to the implementation sub-agent.
Audit Metadata