todo-manager
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it parses untrusted data (source code comments) to perform project management actions. 1. Ingestion points: Reads source code files for // TODO: comments and project files docs/plan/todo.md and docs/plan/roadmap.md. 2. Boundary markers: Absent; no delimiters or instructions to ignore embedded commands are present. 3. Capability inventory: Ability to read source code and modify documentation files. 4. Sanitization: Absent; no validation is performed on the extracted content.
- [PROMPT_INJECTION]: Deceptive metadata detected in the author field. The YAML frontmatter lists 'GitHub Copilot' as the author, which contradicts the provided developer context of 'caomeiyouren'.
- [NO_CODE]: No executable scripts or binary files are included in this skill; it consists entirely of natural language instructions and configuration.
Audit Metadata