tapd
Pass
Audited by Gen Agent Trust Hub on Mar 2, 2026
Risk Level: SAFECOMMAND_EXECUTIONCREDENTIALS_UNSAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill operates by executing a local Python script (
scripts/tapd.py) to perform platform actions. This script handles over 40 distinct subcommands for managing project data. - [CREDENTIALS_UNSAFE]: Authentication with the TAPD platform requires sensitive tokens (
TAPD_ACCESS_TOKEN,TAPD_API_USER,TAPD_API_PASSWORD). The skill manages these through environment variables, avoiding hardcoded secrets. - [EXTERNAL_DOWNLOADS]: The skill provides functionality to fetch attachments and download images from the official
file.tapd.cndomain as part of its project management features. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes content retrieved from the external TAPD platform.
- Ingestion points: Untrusted data is ingested from TAPD story descriptions, bug reports, Wiki pages, and comments via commands like
get_stories_or_tasks. - Boundary markers: No specific delimiters or instructions to ignore embedded commands are present in the provided documentation to isolate external data.
- Capability inventory: The associated scripts allow the agent to perform comprehensive state-changing operations on the TAPD platform, including creating and updating project entities.
- Sanitization: There is no documentation suggesting that the content retrieved from the TAPD API is sanitized before being presented to the model.
Audit Metadata