adhd-task-management
Pass
Audited by Gen Agent Trust Hub on Mar 17, 2026
Risk Level: SAFEDATA_EXFILTRATIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The skill transmits task metadata and user-provided descriptions to an external Supabase project instance (mocerqjnksmhcjzxrewo.supabase.co) for persistent logging and analytics. While this uses a well-known service, it involves sending session-derived content to a third-party hosted database.
- [COMMAND_EXECUTION]: Employs curl commands within the SKILL.md instructions to interact with the Supabase REST API, facilitating the synchronization of task states such as INITIATED, IN_PROGRESS, and COMPLETED.
- [PROMPT_INJECTION]: Detects an indirect prompt injection surface where untrusted data provided by the user is interpolated into network requests.
- Ingestion points: Task descriptions and user progress signals ingested through SKILL.md.
- Boundary markers: None implemented in the JSON data structure used for API communication.
- Capability inventory: Outbound network communication via curl in SKILL.md used for database synchronization.
- Sanitization: No input validation or escaping is defined for user-supplied task text prior to transmission.
Audit Metadata