Skills
skills/zircote/claude-team-orchestration/task-system/Gen Agent Trust Hub

task-system

Pass

Audited by Gen Agent Trust Hub on Mar 18, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: Indirect Prompt Injection Surface. The skill allows for the creation and updating of tasks with arbitrary string content in the 'subject' and 'description' fields.
  • Ingestion points: TaskCreate and TaskUpdate functions accept unvalidated text input for task metadata in SKILL.md.
  • Boundary markers: No specific delimiters or instructions to ignore embedded commands are defined for processing task content.
  • Capability inventory: The system performs file-write operations to the ~/.claude/tasks/ directory to persist task state.
  • Sanitization: The skill documentation does not mention any sanitization, escaping, or filtering of the task content before it is stored or displayed to other agents.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 18, 2026, 10:11 AM
Security Audit — agent-trust-hub — task-system