task-decomposer
Pass
Audited by Gen Agent Trust Hub on Apr 16, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its method of ingesting and acting upon external data.\n
- Ingestion points: External data enters through user task descriptions and domain-specific configuration files located at
skills/.curated/domains/<domain>/ECOSYSTEM.md.\n - Boundary markers: Absent; the instructions do not implement markers or warnings to disregard instructions within the ingested content.\n
- Capability inventory: High; the skill has permissions to write code, create files, and execute tasks.\n
- Sanitization: Absent; no validation or sanitization of input data or domain paths is defined.\n- [COMMAND_EXECUTION]: The skill is authorized to perform file system operations and code generation during task execution, which could be leveraged if malicious instructions are successfully injected.
Audit Metadata