Skills
skills/pachca/openapi/pachca-tasks/Gen Agent Trust Hub

pachca-tasks

Pass

Audited by Gen Agent Trust Hub on Mar 17, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Fetches and executes the official @pachca/cli package from the NPM registry using the npx command.
  • [COMMAND_EXECUTION]: Utilizes Bash commands to interact with the CLI tool for creating, retrieving, updating, and deleting tasks.
  • [PROMPT_INJECTION]: The skill ingests untrusted data when listing tasks (pachca tasks list). If task content contains instructions, it could lead to indirect prompt injection.
  • Ingestion points: Output of pachca tasks list in SKILL.md.
  • Boundary markers: None provided in the command output handling.
  • Capability inventory: Allows execution of npx, pachca, which, and npm via Bash.
  • Sanitization: No explicit sanitization of task content before displaying to the agent.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 17, 2026, 02:49 AM
Security Audit — agent-trust-hub — pachca-tasks