todo-management
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- PROMPT_INJECTION (LOW): Indirect Prompt Injection surface identified as the skill processes untrusted external data.\n
- Ingestion points: The skill initializes and updates from user-controlled files like
task-list.mdas described inREADME.md.\n - Boundary markers: No specific delimiters or instructions to ignore embedded commands were found in the documentation.\n
- Capability inventory: The skill uses
scripts/update-todos.pyto modify task states and generate reports, which involves file writing and data processing.\n - Sanitization: No evidence of input validation or sanitization for task list content was provided.\n- NO_CODE (SAFE): The referenced automation script
scripts/update-todos.pyand the mainSKILL.mdfile were not included in the submission. While the documentation describes their behavior, the absence of code prevents a definitive audit for command injection or other runtime risks.
Audit Metadata