cc-task-state

Pass

Audited by Gen Agent Trust Hub on May 15, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [SAFE]: The skill manages project-local state by creating, updating, and archiving files within the ".codex/tasks/" and "~/.codex/tasks/" directories. These activities are limited to the local file system and are the primary intended function of the skill.
  • [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection because it transforms untrusted user input into persistent task records.
  • Ingestion points: Processes natural language updates from users to extract task descriptions and states.
  • Boundary markers: The skill does not specify the use of delimiters or
Audit Metadata
Risk Level
SAFE
Analyzed
May 15, 2026, 03:34 AM
Security Audit — agent-trust-hub — cc-task-state