taskwarrior

Security checks across malware telemetry and agentic risk

Overview

This Taskwarrior skill is coherent and workspace-scoped, with one manageable safety tradeoff around disabled Taskwarrior confirmations.

Reasonable to install if you want workspace-local Taskwarrior assistance. Review commands before bulk edits, deletes, purges, or status-changing operations because the skill disables Taskwarrior’s interactive confirmation prompts for automation.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: The skill instructs creation of a Taskwarrior config with `confirmation=off`, which suppresses interactive safety prompts for all workspace-scoped operations. Even though the skill says delete/purge should not be used unless explicitly requested, disabling confirmations increases the chance that an agent or user typo causes unintended state-changing actions to execute immediately without a final check.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal