file-todos
Pass
Audited by Gen Agent Trust Hub on May 2, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads and processes the content of user-controlled Markdown files in the todos/ directory.
- Ingestion points: The skill reads from files matching todos/*.md to triage, list, and manage tasks.
- Boundary markers: No delimiters or ignore-instructions are used to separate the data in these files from the agent's instructions.
- Capability inventory: The agent uses standard shell tools like ls, grep, mv, and awk for file management tasks.
- Sanitization: No sanitization is performed on the content read from the files.
Audit Metadata