auto-todo
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFE, PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted requirement documents.
  - Ingestion points: docs/requirements/ or user-provided paths (SKILL.md).
  - Boundary markers: No delimiters defined for parsing Tier 2 or Tier 3 markdown content (SKILL.md).
  - Capability inventory: The skill can write a todolist.md file (SKILL.md).
  - Sanitization: No filtering of extracted content is performed before file generation.
- [DATA_EXFILTRATION]: The skill reads project manifest files to detect tech stacks but includes explicit constraints forbidding the agent from reading sensitive files like .env, credentials, or files containing secrets (SKILL.md).
- [SAFE]: The skill implements a mandatory Hard Gate requiring user approval of the task breakdown before file writing and includes safety features like atomic writes and file backups.