task-board-init
Pass
Audited by Gen Agent Trust Hub on Jun 28, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill employs the
Bashtool to perform safe filesystem operations, such as resolving repository paths, checking for existing files to prevent overwrites, and creating the necessary directory structure for the Kanban board. - [SAFE]: The skill incorporates several security design patterns:
- Human-in-the-Loop Confirmation: Findings from repository analysis and proposed changes to
CLAUDE.mdare presented to the user for explicit approval viaAskUserQuestionbefore any files are generated or modified. - Scoped Tool Usage: Subagents tasked with code analysis and document migration are restricted to reading the repository and writing exclusively to the
.claude/features/directory, preventing unintended modifications to source code. - Secret Sanitization: The skill includes a dedicated optimization pass that identifies potentially sensitive information (API keys, credentials, and machine-specific paths) in the root
CLAUDE.mdfile and assists the user in moving them to a gitignoredCLAUDE.local.mdfile. - No Untrusted Remote Content: The skill relies on locally stored templates and platform-native tools, avoiding the execution of external scripts or unverified dependencies.
Audit Metadata