tapd-openapi

Pass

Audited by Gen Agent Trust Hub on May 18, 2026

Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
  • [PROMPT_INJECTION]: Indirect Prompt Injection Surface. The skill processes untrusted content retrieved from the TAPD platform (e.g., Wiki pages, Story descriptions, Bug titles) which could contain malicious instructions.
      • Ingestion points: scripts/search_wiki.py downloads content from the TAPD API and stores it in local files.
      • Boundary markers: Absent. The skill does not use specific delimiters or instructions to treat the fetched data as untrusted.
      • Capability inventory: The skill is granted access to the Bash, Read, and Glob tools.
      • Sanitization: Absent. Data from the API is saved and read without validation or escaping.
  • [COMMAND_EXECUTION]: The skill relies on the execution of a local Python script (scripts/search_wiki.py) and various shell commands (curl, ls, cat) to interact with the TAPD API and manage local cache files.
  • [DATA_EXFILTRATION]: The skill manages a sensitive authentication token (TAPD_TOKEN) through environment variables. This token is included in the headers of curl requests sent to the configured ${TAPD_API_ENDPOINT}. While this is the intended functionality, a user-controlled or compromised API endpoint could lead to credential exposure.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 18, 2026, 01:02 AM
Security Audit — agent-trust-hub — tapd-openapi