doc-todo-log-loop

Pass

Audited by Gen Agent Trust Hub on May 7, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill implements a robust human-in-the-loop (HITL) workflow. It explicitly mandates that the agent must not begin development tasks without prior user approval (Step 3) and must wait for confirmation after every atomic operation (Step 4).
  • [SAFE]: No obfuscation, data exfiltration patterns, or credential harvesting techniques were detected. The skill focuses on local file management within a project directory.
  • [SAFE]: While the skill mentions installing dependencies and modifying code, these actions are presented as standard development tasks subject to the user-controlled iterative process rather than automated or hidden background operations.
  • [DATA_EXPOSURE]: The skill operates on local project files such as TODO.md and development logs. It does not attempt to access sensitive system paths (e.g., .ssh, .aws) or send data to external servers.
  • [PROMPT_INJECTION]: There are no patterns suggesting an attempt to bypass system safety filters or extract system prompts. The instructions reinforce the agent's role as a restricted assistant.
Audit Metadata
Risk Level: SAFE
Analyzed: May 7, 2026, 01:29 AM