skills/webriq/claude-skills/task/Gen Agent Trust Hub

task

Pass

Audited by Gen Agent Trust Hub on Mar 24, 2026

Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to Indirect Prompt Injection (Category 8) because it processes untrusted data from the local environment to generate task specifications.
      • Ingestion points: The skill reads the existing codebase for context ("Research codebase for context") and parses the TASKS.md file to determine the next task ID.
      • Boundary markers: There are no explicit instructions to the agent to ignore or delimit embedded instructions within the files it reads.
      • Capability inventory: The agent has the capability to write to the filesystem (creating docs/task/*.md and updating TASKS.md) and to spawn sub-agents (e.g., /implement).
      • Sanitization: The instructions do not define any validation or sanitization logic for the content read from the codebase before it is interpolated into new task documents.
  • [COMMAND_EXECUTION]: The skill performs automated file system operations, including creating a directory structure (docs/task/), creating new Markdown files, and programmatically updating the TASKS.md tracking file.
  • [EXTERNAL_DOWNLOADS]: The skill references an external GitHub repository (github.com/eljun/claude-skills) within its version display logic. While this specific instance is used for informational purposes, it points users to external code maintained outside of the primary vendor's infrastructure.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 24, 2026, 02:05 AM