file-todos
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION] (SAFE): The skill utilizes standard Unix utilities (
ls,grep,cp,mv,awk) for managing local markdown files. These commands are used for file organization and do not exhibit signs of arbitrary or dangerous execution. - [DATA_EXFILTRATION] (SAFE): No network operations (
curl,wget, etc.) or attempts to access sensitive system paths (e.g.,~/.ssh,.env) were detected. The skill's scope is strictly limited to thetodos/directory within the workspace. - [CREDENTIALS_UNSAFE] (SAFE): No hardcoded API keys, tokens, or other sensitive credentials were found in the instructions or the provided templates.
- [PROMPT_INJECTION] (SAFE): The skill's content is focused on workflow management. There are no instructions that attempt to override the agent's core safety guidelines or hijack its behavior.
- [INDIRECT_PROMPT_INJECTION] (SAFE): While the skill reads data from local markdown files, which is an ingestion surface, the processing is restricted to local metadata parsing and task management with clear delimiters (YAML frontmatter). No high-privilege capabilities are triggered by this data.
Audit Metadata