todo-complete
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- COMMAND_EXECUTION (LOW): The skill uses the 'grep' command to search for dependent tasks in the 'Todos/active/' directory. Without strict input validation, malicious filenames could potentially interfere with command execution logic. Evidence: Phase 5, Step 1.
- PROMPT_INJECTION (LOW): This skill is susceptible to indirect prompt injection because it processes data from user-editable files. 1. Ingestion points: Markdown files in 'Todos/active/' are read in Phase 3 and Phase 5. 2. Boundary markers: Absent; there are no clear delimiters between the data and instructions. 3. Capability inventory: The skill can read, write, and move files, and execute shell commands (grep). 4. Sanitization: Absent; file contents are not sanitized or escaped before processing.
Audit Metadata