task-list
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW
PROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill is designed to ingest and parse untrusted local data from the filesystem, which could contain malicious instructions.
- Ingestion points: Scans local directories (`focus/`, `active/`, `paused/`, etc.) for `*.md` files to extract metadata.
- Boundary markers: Absent. The instructions do not define delimiters or provide 'ignore embedded instructions' warnings for the agent during the parsing process.
- Capability inventory: Includes directory scanning, file reading, and data display. It lacks high-risk capabilities like file modification, command execution, or network access.
- Sanitization: Absent. There is no mention of filtering or validating the content of the task headers beyond basic parsing.
Audit Metadata