Skills
skills/kaelzhang321/teambition-agent-toolkit/tb-update-task-status/Gen Agent Trust Hub

tb-update-task-status

Pass

Audited by Gen Agent Trust Hub on Apr 12, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes a local script bin/tb-api.mjs using the Bash tool to interact with the Teambition API. Subcommands include get-project-tasks, get-taskflow-statuses, and update-task-status.
  • [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection as it processes untrusted data from an external API.
  • Ingestion points: Task and status lists fetched via node bin/tb-api.mjs commands.
  • Boundary markers: The instructions do not define delimiters or warnings to ignore instructions embedded within the API output.
  • Capability inventory: The skill possesses capabilities to execute shell commands (Bash(node *)), read files, and edit files.
  • Sanitization: No sanitization logic is described for the data retrieved from external API calls before it is processed by the agent.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 12, 2026, 03:32 AM