working-on
Pass
Audited by Gen Agent Trust Hub on May 6, 2026
Risk Level: SAFE, NO_CODE, PROMPT_INJECTION
Full Analysis
- [SAFE]: The skill is a set of guidelines for task management and context retention. No malicious behavior or high-risk commands were identified within the instructions.
- [NO_CODE]: The skill does not include any executable scripts, binaries, or external package dependencies (npm, pip, etc.).
- [PROMPT_INJECTION]: The skill creates a surface for both direct and indirect prompt injection by instructing the agent to treat a tracking document ($path) and user arguments as the 'source of truth'.
- Ingestion points: Content read from the tracking document at $path and instructions provided in the argument-hint field.
- Boundary markers: The skill lacks explicit markers or delimiters to differentiate between task data and potential embedded instructions.
- Capability inventory: The agent is authorized to create/update files and monitor local Git repository history.
- Sanitization: No input validation or instruction-filtering is applied to the tracking document's content.
Audit Metadata