todo
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOWSAFENO_CODE
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill possesses a vulnerability surface for indirect prompt injection as it ingests untrusted data from the filesystem.
- Ingestion points: Reads existing
TODO.mdfile contents to parse tables and maintain structure. - Boundary markers: Absent; the instructions do not specify using delimiters or 'ignore' instructions for the content read from the file.
- Capability inventory: File modification (specifically creates/updates
TODO.mdin the repository root). - Sanitization: Absent; the skill preserves existing rows and content below the table without explicit validation of the data being read.
- [Remote Code Execution] (SAFE): No patterns for remote code execution, external downloads, or runtime script execution were detected.
- [Data Exposure & Exfiltration] (SAFE): The skill is restricted to project management files and does not perform network operations or access sensitive credentials.
Audit Metadata