tasknotes
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns or security issues were detected. The skill performs legitimate task management operations.
- [DATA_EXFILTRATION]: Network requests are confined to 'localhost', which is a whitelisted domain for local service interaction.
- [COMMAND_EXECUTION]: CLI commands are restricted to specific API endpoints and do not allow for arbitrary system command execution.
- [CREDENTIALS_UNSAFE]: Sensitive tokens are loaded from a local .env file instead of being hardcoded, following security best practices.
- [PROMPT_INJECTION]: The skill processes data from a local API, which represents a low-risk surface for indirect prompt injection. (Ingestion points: scripts/tasks.py; Boundary markers: Absent; Capability inventory: CRUD via local API; Sanitization: Absent).
Audit Metadata