ce-todo-resolve
Pass
Audited by Gen Agent Trust Hub on Apr 21, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill performs file system modifications including reading, writing, and deleting markdown files within the project repository (specifically in
.context/compound-engineering/todos/andtodos/). It also executes git commands (commit,push) to persist resolved changes to the remote repository. - [PROMPT_INJECTION]: The skill presents a surface for indirect prompt injection as it processes the content of local markdown todo files to drive the actions of sub-agents and documentation skills. 1. Ingestion points: Markdown files located in
.context/compound-engineering/todos/*.mdandtodos/*.md. 2. Boundary markers: Absent; the skill does not specify delimiters or instructions for sub-agents to ignore potentially malicious embedded instructions within the todo content. 3. Capability inventory: File read/write/delete access, git commit and push operations, and the ability to spawn thece-pr-comment-resolveragent and load thece-compoundskill. 4. Sanitization: No sanitization or validation of the todo file content is performed before it is processed by the agent.
Audit Metadata