file-todos
Pass
Audited by Gen Agent Trust Hub on Mar 19, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is subject to indirect prompt injection because it processes data from user-generated markdown files in the todos/ directory.
  - Ingestion points: The agent reads and searches through files in the todos/ directory using grep and ls.
  - Boundary markers: There are no explicit instructions or delimiters defined to prevent the agent from following instructions embedded within the todo files.
  - Capability inventory: The skill provides the agent with file system capabilities including ls, grep, cp, mv, and awk.
  - Sanitization: There is no evidence of sanitization or validation of the content of the markdown files before processing.
- [COMMAND_EXECUTION]: The skill relies on shell commands for managing the todo system, which could lead to unintended execution if filenames or content are maliciously crafted.
  - Evidence: The workflow instructions suggest using shell pipelines such as ls todos/ | grep -o '^[0-9]\+' | sort -n | tail -1 | awk '{printf "%03d", $1+1}' and variable interpolation in commands like cp assets/todo-template.md todos/{NEXT_ID}-pending-{priority}-{description}.md.
Audit Metadata