tapd
Pass
Audited by Gen Agent Trust Hub on Jun 12, 2026
Risk Level: SAFEPROMPT_INJECTIONDATA_EXFILTRATIONCOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes Git commands for branch management and Node.js for its internal context CLI. These operations are restricted to the local repository and follow a defined safety policy that avoids dangerous operations like forced checkouts or automatic stashing.
- [DATA_EXFILTRATION]: The skill utilizes a
TAPD_ACCESS_TOKENfor API interactions with the officialapi.tapd.cndomain. It includes explicit instructions and code logic to prevent the token from being logged or echoed back to the user, and no network requests to unauthorized third-party domains were found. - [PROMPT_INJECTION]: The skill processes untrusted requirement descriptions and task details from TAPD (SKILL.md, intake-gate.md). Ingestion points: External content is retrieved via the
get_stories_or_taskstool. Boundary markers: No explicit delimiters are used in interpolation, but the skill mandates structured analysis. Capability inventory: The skill can create or update tasks, stories, and comments via MCP tools. Sanitization: No explicit string sanitization is performed, but the workflow requires human dry-run confirmation before any write actions.
Audit Metadata