tb-sync

Pass

Audited by Gen Agent Trust Hub on Apr 18, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: Indirect Prompt Injection Surface. The skill retrieves project and task metadata from the TeamBition API and stores it in a local markdown cache file.
  • Ingestion points: Data is ingested from open.teambition.com via the tb-api.mjs script through various commands like get-projects and search-tags.
  • Boundary markers: The skill does not implement boundary markers or instructions to ignore embedded content within the generated .teambition.cache.md file.
  • Capability inventory: The skill utilizes Bash(node *) for API interaction and Write for local file persistence.
  • Sanitization: No sanitization or validation of the API-sourced content (such as project names or task titles) is performed before it is written to the cache, creating a surface for potential indirect prompt injection if external data contains malicious instructions.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 18, 2026, 02:21 PM