tb-get-my-project-tasks
Warn
Audited by Gen Agent Trust Hub on Apr 18, 2026
Risk Level: MEDIUMCREDENTIALS_UNSAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill instructions in
SKILL.mdexplicitly direct the agent to use theReadtool on the.teambition.mdconfiguration file to extract anOperator ID. However, this file also contains theApp SecretandApp ID(as utilized by thetb-api.mjsscript), meaning these sensitive credentials are exposed to the AI agent's prompt context when the file is read. - [COMMAND_EXECUTION]: The skill executes a local Node.js script
scripts/tb-api.mjsvia theBashtool. The execution path includes theprojectIdparameter, which is obtained via user interaction throughAskUserQuestion. - [DATA_EXFILTRATION]: The script
scripts/tb-api.mjsperforms network requests usingfetchtoopen.teambition.com, a well-known collaboration service. These requests are used to exchange theApp Secretfor an access token and to retrieve project tasks. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it retrieves and displays task content from the TeamBition API. Ingestion points: Task titles and notes are fetched from
open.teambition.comvia theget-project-taskscommand. Boundary markers: The skill does not employ delimiters or specific instructions to ignore embedded commands in the retrieved data. Capability inventory: The agent has access toBash(shell execution) andRead(file access). Sanitization: No validation or sanitization is performed on the API-returned content before it is displayed to the user in a table.
Audit Metadata