find-code-tasks
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a local shell script (`task-status.sh`) to perform its main functionality. This script uses standard utilities like `bash`, `awk`, `grep`, and `sed` to parse file content.
- [SAFE]: The `TASKS_DIR` variable is used to define the search path for task files. While it can be overridden via environment variables, the script uses it solely as an argument to `find` or `fd`, which are restricted to the local file system.
- [SAFE]: The script reads files with the `.code-task.md` extension. It parses the YAML frontmatter section but does not execute the content of these files, mitigating risks related to indirect prompt injection or remote code execution via task data.
Audit Metadata