update
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses local shell commands like git, cat, and grep to collect project metadata. These operations are limited to reading status and file contents within the project directory.
- [PROMPT_INJECTION]: The skill incorporates external data from TODO.md and user-provided arguments into persistent session logs, which presents a surface for indirect prompt injection.
- Ingestion points: Contents of the TODO.md file and the [notes] argument are ingested by the skill.
- Boundary markers: No explicit markers are used to separate ingested content from the session log structure.
- Capability inventory: The skill utilizes Bash, Read, and Write tools to perform its tasks.
- Sanitization: No sanitization or escaping is performed on the ingested content before it is written to the session log file.
Audit Metadata