build-task
Pass
Audited by Gen Agent Trust Hub on May 9, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests data from external sources (GitHub issues, Linear tasks, and local plan files) and interpolates this content directly into prompts for sub-agents (like 'architect' and 'build-task-workflow-manager') without sanitization or clear boundary markers.
  - Ingestion points: File paths 'docs/plans/*.md', external task references via GitHub/Beads/Linear APIs (via 'task-fetcher' agent).
  - Boundary markers: Absent; untrusted content is passed as strings within prompt blocks.
  - Capability inventory: Access to 'Bash' for command execution, 'Task' tool for calling other agents, and 'Skill' tool for executing further automation logic.
  - Sanitization: None detected in the instruction flow.
- [COMMAND_EXECUTION]: Utilizes shell commands (Bash) for environment detection, branch management, and configuration reading. While the commands are used for legitimate setup tasks (e.g., 'git remote show', 'git branch --show-current'), they form part of a broader autonomous execution chain triggered by external input.