Skills
skills/randroids-dojo/skills/task-tracking-dots/Gen Agent Trust Hub

task-tracking-dots

Pass

Audited by Gen Agent Trust Hub on Feb 26, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill provides instructions to download and install the dot CLI from a GitHub repository (github.com/joelreymont/dots) or a Homebrew tap. This is the primary component for the skill's stated purpose.
  • [COMMAND_EXECUTION]: The skill uses shell commands to verify the installation (command -v dot), build the tool from source (zig build), and execute task-tracking operations (dot ls, dot ready, dot on). These are standard administrative and functional commands.
  • [PROMPT_INJECTION]: The skill processes user-provided strings for task names and completion reasons. This presents a surface for indirect prompt injection if the inputs are derived from untrusted external sources.
  • Ingestion points: Task titles and description flags in dot add and completion reasons in dot off -r.
  • Boundary markers: None identified in the provided command examples.
  • Capability inventory: Shell execution via the dot binary.
  • Sanitization: No explicit input sanitization or validation is mentioned in the skill files.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 26, 2026, 04:27 PM