skills/itzptk/skills/t3code/Gen Agent Trust Hub

t3code

Pass

Audited by Gen Agent Trust Hub on Jun 28, 2026

Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The bundled script scripts/launch_thread.py executes the local t3 CLI and git using subprocess.run. These operations are used for session management and branch discovery. The script correctly uses list-based argument passing to mitigate shell injection risks.
  • [DATA_EXPOSURE]: The skill reads configuration and state files from local paths including ${T3CODE_HOME:-$HOME/.t3}/userdata/state.sqlite and server-runtime.json. It also manages a local credential cache at ~/.codex/t3code/credentials.json. The script sets restrictive file permissions (0600) to protect these credentials.
  • [DATA_EXFILTRATION]: The skill transmits bearer tokens and project data to the T3 Code server origin. The origin is either discovered from local process metadata (scanning /proc) or provided by the environment. This communication is required for the skill's primary function of thread orchestration.
  • [INDIRECT_PROMPT_INJECTION]: The skill processes user-supplied prompts and project-level configuration files (.t3code/config.json). While this presents a surface for indirect prompt injection, it is mitigated by the tool's focus on local developer workflows and explicit server-side command structures.
Audit Metadata
Risk Level: SAFE
Analyzed: Jun 28, 2026, 10:26 AM