nexus-create-tasks
Pass
Audited by Gen Agent Trust Hub on May 30, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the 'probe' command-line interface to interact with project and task databases. It performs read operations on actions and projects and write operations to create new tasks and send messages.
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it ingests project specifications and git-based requirement files to define task scope.
- Ingestion points: Project scope and requirement headers are retrieved using 'probe project get' and 'probe project spec show'.
- Boundary markers: No specific delimiters or instructions to disregard embedded commands are included for the data processing steps.
- Capability inventory: The skill can create new task entities and broadcast messages to a 'general' channel.
- Sanitization: The retrieved project specifications are used to populate task fields without explicit sanitization or validation steps mentioned in the workflow.
Audit Metadata