planning-task

Warn

Audited by Gen Agent Trust Hub on Mar 28, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The workflow instructions in SKILL.md (Phases 2 and 3) direct the agent to load and execute Python scripts using the exec() function on content read from scripts/generate_plan.py and scripts/generate_todo.py. This method of dynamic loading is a high-risk pattern that can be used to execute arbitrary code if the filesystem is manipulated.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted user input to generate task plans and markdown files without adequate safeguards.
  • Ingestion points: User-provided project goals or requests (processed in SKILL.md as user_intent).
  • Boundary markers: Absent; there are no delimiters or explicit instructions to the agent to disregard embedded commands within the user input.
  • Capability inventory: The skill writes to the filesystem (workspace/plan.json, workspace/todo.md) and executes Python logic within the agent's code execution context.
  • Sanitization: Absent; no validation, filtering, or escaping is performed on the user-provided string before it is interpolated into task objects and saved to files.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 28, 2026, 02:08 AM