tb-get-taskflow-statuses

Pass

Audited by Gen Agent Trust Hub on Apr 12, 2026

Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes a local script at bin/tb-api.mjs using the Node.js runtime. This operation is essential for the skill's stated purpose of querying the Teambition API.
  • [PROMPT_INJECTION]: The skill demonstrates a surface for indirect prompt injection due to how it handles external data.
      • Ingestion points: Project lists are read from a local .teambition.md file and project selection is provided via user input.
      • Boundary markers: The prompt lacks explicit delimiters or instructions to the model to ignore potential instructions embedded within the ingested project data.
      • Capability inventory: The skill has the capability to execute shell commands via the node binary.
      • Sanitization: There is no evidence of sanitization or validation of the project ID variable before it is passed to a shell command, which is a common vulnerability surface.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 12, 2026, 03:32 AM