nexus-create-tasks

Pass

Audited by Gen Agent Trust Hub on May 30, 2026

Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes the 'probe' command-line interface to interact with project and task databases. It performs read operations on actions and projects and write operations to create new tasks and send messages.
  • [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it ingests project specifications and git-based requirement files to define task scope.
  • Ingestion points: Project scope and requirement headers are retrieved using 'probe project get' and 'probe project spec show'.
  • Boundary markers: No specific delimiters or instructions to disregard embedded commands are included for the data processing steps.
  • Capability inventory: The skill can create new task entities and broadcast messages to a 'general' channel.
  • Sanitization: The retrieved project specifications are used to populate task fields without explicit sanitization or validation steps mentioned in the workflow.
Audit Metadata
Risk Level
SAFE
Analyzed
May 30, 2026, 02:12 AM
Security Audit — agent-trust-hub — nexus-create-tasks