generate-task

Pass

Audited by Gen Agent Trust Hub on Mar 29, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill incorporates untrusted user input via the $ARGUMENTS variable into the agent's context. This creates a surface for indirect prompt injection where a user-provided task description could contain instructions designed to bypass the intended formatting logic or influence subsequent agent behavior.
    • Ingestion points: The $ARGUMENTS placeholder in SKILL.md receives the user's task description.
    • Boundary markers: The input is wrapped in <task_description> XML-style tags, providing some structural separation.
    • Capability inventory: The skill itself does not define any subprocess calls, file-write operations, or network access.
    • Sanitization: No explicit sanitization, validation, or escaping of the user-provided input is performed before it is interpolated into the prompt.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 29, 2026, 08:40 AM