pachca-tasks
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches the official @pachca/cli package from the NPM registry, which is a resource owned by the vendor pachca.
- [COMMAND_EXECUTION]: Uses the pachca CLI tool to interact with the API via shell commands, which is consistent with the skill's stated purpose.
- [PROMPT_INJECTION]: The skill processes user-supplied strings for task content and metadata. Ingestion points: --content and other task property flags in SKILL.md. Boundary markers: None explicitly defined in the CLI command templates. Capability inventory: Bash tool usage for interacting with the Pachca CLI. Sanitization: Relies on the underlying CLI tool's argument processing for handling shell inputs.
Audit Metadata