todo-init
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [Command Execution] (LOW): The skill uses the `mkdir -p` command to initialize its configuration directory. While standard for setup, executing shell commands with variable path inputs is a minor risk factor if input is not validated.
- [Indirect Prompt Injection] (LOW): The skill possesses a surface for indirect prompt injection by processing external data.
- Evidence Chain:
  1. Ingestion points: The skill reads project configuration from `.claude/todo-settings-local.json` and searches the file system for `Todos/` directories.
  2. Boundary markers: Absent; there are no delimiters or warnings to ignore instructions within these files.
  3. Capability inventory: The skill can create directories and write files to the local disk.
  4. Sanitization: Absent; there is no explicit sanitization for paths or file content mentioned in the logic.
Audit Metadata