adhd-task-management-skill
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUMDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [Category 8: Indirect Prompt Injection] (MEDIUM): The skill possesses a capability to ingest untrusted data and perform external writes.
- Ingestion points: User-provided task descriptions and conversation topics are ingested into the agent's mental state via
SKILL.mdlogic. - Boundary markers: No explicit delimiters or boundary markers are defined to isolate user-provided task content from the skill's operational logic.
- Capability inventory: The skill performs network write operations (inserting records into a Supabase database).
- Sanitization: There is no evidence of sanitization or escaping of the
{task['description']}variable before it is interpolated into the logging payload, which could lead to schema confusion or injection in the destination database. - [Category 2: Data Exposure & Exfiltration] (LOW): The skill is designed to send user activity data (task names, duration, and metadata) to an external Supabase instance. While this is the stated purpose, it constitutes data exfiltration of user behavior patterns to a third-party service.
- [Category 4: Unverifiable Dependencies] (INFO): The provided Python snippet for logging assumes the availability of a
supabaseclient library and configured credentials in the host environment.
Audit Metadata