task-splitting
Pass
Audited by Gen Agent Trust Hub on Mar 22, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the
agent-teamCLI for task creation as part of its core workflow. This functionality is restricted by a requirement for explicit user confirmation before any commands are executed, ensuring user control over the process. - [DATA_EXFILTRATION]: The skill reads user-specified local source documents to extract information for task decomposition. This access is scoped specifically to the provided files and is used to generate local task files in a sibling directory.
- [PROMPT_INJECTION]: The skill processes untrusted input from source documents which presents a potential surface for indirect prompt injection. This risk is managed through a mandatory manual review step. Ingestion points: User-provided source documents in
SKILL.md. Boundary markers: Instructions define the source document and user clarifications as the sole authority for task scope. Capability inventory: Access to theagent-team task createcommand. Sanitization: Requirement for explicit user confirmation before creating any task packages.
Audit Metadata