task-tracking-dots
Warn
Audited by Gen Agent Trust Hub on May 13, 2026
Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user or agent to install the 'dot' CLI tool from a third-party Homebrew tap ('joelreymont/tap/dots') or by cloning a GitHub repository ('github.com/joelreymont/dots.git'). These sources are external to the vendor and not on the trusted organizations list.
- [COMMAND_EXECUTION]: The skill involves executing several shell commands for installation and operation:
  - 'brew install joelreymont/tap/dots' for package installation.
  - 'git clone', 'zig build', and 'cp' for manual installation from source.
  - Regular use of the 'dot' CLI (e.g., 'dot ls', 'dot on', 'dot off') to perform task management operations.
- [PROMPT_INJECTION]: The skill demonstrates a surface for indirect prompt injection by ingesting data from the 'dot' tool's output into the agent's context.
  - Ingestion points: Task data is read via 'dot ls', 'dot ready', 'dot show', 'dot tree', and 'dot find' (SKILL.md, commands/task-tracking-dots.md).
  - Boundary markers: The skill lacks explicit boundary markers or instructions to the agent to disregard potential instructions embedded within the task data.
  - Capability inventory: The agent has the capability to execute shell commands using the 'dot' CLI tool.
  - Sanitization: There is no evidence of sanitization or verification of the data returned by the 'dot' tool before it is processed by the agent.
Audit Metadata