monitoring-tasks

Pass

Audited by Gen Agent Trust Hub on Jun 18, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill performs legitimate task monitoring functions as described in its metadata. It uses local bash scripts (query-tasks.sh, analyze-tasks.sh) and standard tools (jq) to process task data fetched from a configured provider.
  • [COMMAND_EXECUTION]: The skill executes local shell scripts to query and analyze task data. Arguments are passed safely using quotes and the jq --arg flag, minimizing injection risks.
  • [DATA_EXFILTRATION]: No unauthorized data transmission was found. The skill interacts only with the user's configured task database (e.g., Notion) and processes results locally in /tmp.
  • [INDIRECT_PROMPT_INJECTION]: The skill ingests external data (task titles and properties) which is a potential surface for indirect prompt injection. However, the data is processed quantitatively via a script rather than being directly interpreted as instructions, and the final report follows a strict template, mitigating risk.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 18, 2026, 03:44 PM
Security Audit — agent-trust-hub — monitoring-tasks