skills/steipete/clawdis/taskflow/Gen Agent Trust Hub

taskflow

Pass

Audited by Gen Agent Trust Hub on May 19, 2026

Risk Level: SAFE
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by processing untrusted data from external sources (Gmail and GitHub). This is a vulnerability surface where malicious content in an email or pull request could attempt to influence agent behavior.
  • Ingestion points: Untrusted data is ingested via gog.gmail.search in examples/inbox-triage.lobster and gh pr list in examples/pr-intake.lobster.
  • Boundary markers: The classification prompts used in the examples do not implement explicit delimiters or boundary markers to isolate untrusted input.
  • Capability inventory: The skill orchestrates tools with capabilities to send messages (Slack, Telegram) and modify repository state (closing PRs, refactoring branches).
  • Sanitization: There is no evidence of sanitization or escaping of the external content before it is interpolated into classification prompts.
Audit Metadata
Risk Level
SAFE
Analyzed
May 19, 2026, 10:26 AM
Security Audit — agent-trust-hub — taskflow