moai-core-todowrite-pattern
Pass
Audited by Gen Agent Trust Hub on Mar 2, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The TodoWrite pattern introduces a surface for indirect prompt injection.
- Ingestion points: Project source files are scanned for placeholders using the provided script in
examples.mdand shell commands recommended inSKILL.md. - Boundary markers: No delimiters or instructions are present to ensure the agent ignores malicious content within the analyzed files.
- Capability inventory: The agent has access to the
Writetool (as defined inSKILL.md), allowing it to modify files based on instructions found in implementation placeholders. - Sanitization: The skill lacks logic to validate the content of found placeholders before the agent processes them as instructions.
Audit Metadata