timewarrior-efficient-entry
Pass
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- COMMAND_EXECUTION (SAFE): The skill includes Python scripts (tag_analyzer.py, tag_report.py, tag_fuzzy_search.py) that utilize subprocess.run to execute the timew command for data extraction and analysis. This is standard behavior for the intended functionality and does not involve unsafe shell execution.
- INDIRECT_PROMPT_INJECTION (SAFE): The skill processes user-controlled data from the local timew database. While this is an ingestion surface, the lack of remote data sources and restricted command capabilities render it safe. Ingestion points: scripts/*.py; Boundary markers: JSON data structures; Capability inventory: Restricted to timew binary; Sanitization: JSON parsing.
Audit Metadata