todo-list-csv

Pass

Audited by Gen Agent Trust Hub on Feb 26, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/todo_csv.py executes the git rev-parse --show-toplevel command to determine the project root. This is a standard and expected operation for developer tools.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8). Evidence:
      1. Ingestion points: The script scripts/todo_csv.py reads task items from a CSV file located in the project root via the _read_rows function.
      2. Boundary markers: The skill does not use specific markers or instructions to delimit or ignore instructions within the CSV content.
      3. Capability inventory: The cmd_plan function generates a JSON payload for the update_plan tool, which directly influences the agent's future steps.
      4. Sanitization: The script performs only basic whitespace stripping on the item field from the CSV before passing it to the agent's plan, allowing potentially malicious strings to be treated as legitimate instructions.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 26, 2026, 02:50 PM