task-master
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill parses Product Requirements Documents (PRDs) from `.taskmaster/docs/prd.txt` to generate actionable tasks. This represents a high-risk ingestion point for untrusted data. If a PRD contains malicious instructions, the skill's capability to execute commands via `npx` and modify the project structure could be exploited.
- [Unverifiable Dependencies] (MEDIUM): The skill requires the installation of `task-master-ai` via NPM. The underlying repository (`eyaltoledano/claude-task-master`) is not a recognized trusted source, posing a risk of supply chain attack or execution of malicious code during the `npm install` or `npx` execution phases.
- [Data Exposure & Exfiltration] (HIGH): The setup instructions prompt users to provide `ANTHROPIC_API_KEY` and `PERPLEXITY_API_KEY` in environment variables. Because the skill has the ability to read local files (PRDs, Git configuration) and perform network requests (via Perplexity for 'fresh information gathering'), there is a risk of credential exfiltration if the tool is compromised.
- [Remote Code Execution] (HIGH): The recommended MCP configuration uses `npx -y task-master-ai`. This command downloads and executes the latest version of the package at runtime, which bypasses version pinning and allows for arbitrary code execution from an untrusted publisher.
Recommendations
- AI detected serious security threats
Audit Metadata