pndr
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFENO_CODEPROMPT_INJECTIONCREDENTIALS_UNSAFE
Full Analysis
- [NO_CODE]: The skill consists entirely of documentation and configuration metadata. It does not include executable scripts, relying instead on the external 'mcporter' CLI and the Pndr web service.
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface, as it retrieves and processes content from an external source (Pndr account data).
- Ingestion points: Data enters the agent's context via tools like list_ideas, get_thoughts, get_list, and list_comments from pndr.io.
- Boundary markers: No specific boundary markers or 'ignore' instructions are provided to the agent to distinguish between system instructions and retrieved data.
- Capability inventory: The agent has extensive capabilities to read, write, and delete data across tasks, journals, habits, and lists.
- Sanitization: There is no evidence of sanitization or filtering applied to the content fetched from the Pndr API before processing.
- [CREDENTIALS_UNSAFE]: Setup instructions involve storing OAuth access tokens in plain-text configuration files on the user's filesystem. The documentation notes that these tokens have a 365-day expiration period, which increases the duration of risk if the local environment is compromised.
Audit Metadata