find-todos
Pass
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill scans the codebase for comments (TODO, FIXME, etc.) and processes them to generate task lists or GitHub issues. This represents a data ingestion surface where an attacker could place malicious instructions inside code comments (e.g., in a PR) to influence the agent's behavior during the task conversion process.
- Ingestion points: Codebase files via
greptool. - Boundary markers: None explicitly mentioned in the prompts for the search results.
- Capability inventory:
grep,git, and potentially GitHub issue creation via dependent skills. - Sanitization: None specified for the content of found comments.
- [Command Execution] (LOW): The skill utilizes system tools like
grepandgitto perform its primary function of locating tasks. While these are standard development operations, they involve executing shell commands based on branch names and file paths. - [Data Exposure] (SAFE): While the skill reads codebase content, it specifically targets non-sensitive task markers and uses caching in a local hidden directory (
.claude/cache/) which is standard for performance optimization.
Audit Metadata