todo-list
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- Prompt Injection (LOW): The skill processes data from external markdown files which constitutes a surface for indirect prompt injection.
- Ingestion points: The skill reads all markdown files found in the 'Todos/active/' directory.
- Boundary markers: Absent; there are no explicit delimiters or instructions provided to the agent to disregard instructions embedded within the todo files.
- Capability inventory: The skill is limited to file system discovery (globbing) and reading; no command execution, writing, or network capabilities are defined in this skill.
- Sanitization: Absent; the content from the files is parsed and displayed without sanitization or escaping.
Audit Metadata