Taskline Integration

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed MyTaskline task-management skill that can create and update tasks, projects, and people records in the user's account.

Install only if you trust MyTaskline.com and this skill with your task data. Protect the API key, use a scoped or dedicated key if available, avoid putting secrets in task text, and review complex commands because names in free-form text may create people records or projects in your account.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Description-Behavior Mismatch

Medium

Confidence: 95% confidence
Finding: The skill goes beyond parsing task text and automatically creates new people records whenever a referenced name is not found. This can cause unauthorized directory changes, identity clutter, and accidental disclosure or persistence of personal data from free-form user input, especially if users mention real people who were never meant to be added to the platform.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal