tb-update-task-members
Pass
Audited by Gen Agent Trust Hub on Apr 12, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a local Node.js script located at
bin/tb-api.mjs. This script is used to interact with the Teambition API to update task members. - [INDIRECT_PROMPT_INJECTION]: The skill retrieves information from the
.teambition.mdfile to determine which tasks and members to update. This constitutes a data ingestion surface. - Ingestion points: Local metadata in
.teambition.md. - Boundary markers: Not present.
- Capability inventory: Execution of shell commands via
Bash(node *)and file access. - Sanitization: Not explicitly implemented in the skill instructions.
Audit Metadata