storage-taskwarrior
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION] (SAFE): The skill performs task management by executing local shell commands including git and task. It uses subshells to extract project metadata from the git configuration.
- [INDIRECT_PROMPT_INJECTION] (LOW): The skill ingests data from external git repository configurations to construct command arguments. Ingestion points: git remote URL via git config. Boundary markers: None. Capability inventory: Taskwarrior database access and shell command execution. Sanitization: The skill instructions explicitly mandate validating the project ID as 'alphanumeric + dash only' before use, which effectively mitigates command injection risks from malicious git configurations.
Audit Metadata