todo-add
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by interpolating unvalidated user input into the local file system.
- Ingestion points: User-provided strings for 'Title', 'Priority', and 'Due Date' are collected via AskUserQuestion in Phase 2 (SKILL.md).
- Boundary markers: The generated markdown files and index entries in README.md lack explicit delimiters or instructions to isolate user-provided content from agent instructions.
- Capability inventory: The skill has permissions to search the file system, create new directories, and write or update markdown files (SKILL.md).
- Sanitization: No sanitization, escaping, or validation is performed on the user-provided 'Title' before it is used in filename generation or file content interpolation.
Audit Metadata