todo-triage
Pass
Audited by Gen Agent Trust Hub on Mar 25, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes 'pending todo' files from the filesystem which may contain content from untrusted external sources, such as automated code analysis tools or issue trackers. This creates a surface for indirect prompt injection where malicious instructions inside a todo file could influence the agent's behavior during triage.
- Ingestion points: Reads content from files within .context/compound-engineering/todos/ and legacy todos/ directories (SKILL.md).
- Boundary markers: No specific delimiters or "ignore instructions" warnings are utilized when the agent reads and presents the todo content.
- Capability inventory: The skill allows the agent to rename files (modification) and delete files from the local filesystem (SKILL.md).
- Sanitization: There is no evidence of content validation, sanitization, or filtering of the todo data before it is presented and acted upon.
Audit Metadata