tasknotes
Pass
Audited by Gen Agent Trust Hub on Feb 25, 2026
Risk Level: SAFE
COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the 'tn' CLI tool to interact with the local filesystem. This is the primary intended function of the skill for task management. Evidence: Use of commands such as 'tn list', 'tn update', and 'tn delete' to manage files.
- [DATA_EXFILTRATION]: The skill references a specific local file path which identifies the user's directory structure. Evidence: Hardcoded path '/Users/cdd/Documents/notes/oldwinter-notes' in the Notes section. This is documented as a vendor-specific configuration.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads and processes user-generated Markdown content.
  * Ingestion points: 'tn list' and 'tn search' read titles and frontmatter from local files.
  * Boundary markers: None present.
  * Capability inventory: Subprocess calls via 'tn' including file deletion ('tn delete') and content modification ('tn update').
  * Sanitization: No sanitization or 'ignore instructions' markers are mentioned in the command usage.