integrate-todo-list
Pass
Audited by Gen Agent Trust Hub on Apr 16, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill implements a standard task management feature using React and TypeScript. All code is localized to the project directory and interacts with the application via defined hooks and context. No malicious patterns were detected.
- [UNVERIFIABLE_DEPENDENCIES]: The skill utilizes standard, well-known libraries such as @tabler/icons-react, @sinclair/typebox, and ajv. It also integrates with official vendor packages including @cognite/dune-industrial-components and @cognite/aura.
- [DATA_EXPOSURE_AND_EXFILTRATION]: No evidence of sensitive data harvesting or unauthorized network communication was found. Data processing is limited to local state updates for UI rendering.
- [INDIRECT_PROMPT_INJECTION]: While the skill handles task descriptions derived from user queries, it does not provide any dangerous capabilities (such as shell execution or network requests) that could be exploited via malicious input in the task list. The attack surface is restricted to UI state management.
Audit Metadata