Skills
skills/kaelzhang321/teambition-agent-toolkit/tb-set-parent-task/Gen Agent Trust Hub

tb-set-parent-task

Pass

Audited by Gen Agent Trust Hub on Apr 12, 2026

Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes a local Node.js script located at bin/tb-api.mjs to interact with the Teambition API. This is the intended primary function of the skill.
  • [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection as it processes untrusted data from project and task metadata.
  • Ingestion points: Reads project lists and task IDs from .teambition.md and external API responses.
  • Boundary markers: Absent; there are no explicit delimiters or instructions to ignore embedded commands in the ingested data.
  • Capability inventory: Shell command execution via node bin/tb-api.mjs and file system operations via Read and Edit tools.
  • Sanitization: Absent; the instructions do not specify any validation or sanitization of the data retrieved from the API or the local configuration file before processing.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 12, 2026, 03:32 AM