todo-finder
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and displays untrusted data from the user's codebase.
- Ingestion points: The skill uses
GrepandReadto extract text from arbitrary files within the project directory. - Boundary markers: The skill does not implement specific boundary markers or 'ignore embedded instructions' warnings when presenting findings to the agent.
- Capability inventory: Tools are limited to
Grep,Read, andGlob, providing read-only access to the filesystem. The skill cannot write files, execute code, or perform network operations. - Sanitization: There is no evidence of sanitization or escaping for the extracted comment strings before they are incorporated into the agent's output. A malicious file could contain instructions inside a 'FIXME' comment designed to manipulate the agent's summary or behavior.
Audit Metadata