td-task-management
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill facilitates the storage and retrieval of task-related metadata and logs which serve as a persistent vector for untrusted data to enter the agent's context window.\n
- Ingestion points: The agent is instructed to call
td usage,td context <id>, andtd show <id>to retrieve work state, which reads from user-controllable files in the.todos/directory.\n - Boundary markers: There are no defined delimiters or instructions to treat handoff notes or task descriptions as data rather than instructions, increasing the risk of the agent obeying embedded commands.\n
- Capability inventory: The agent using this skill is expected to perform development tasks, meaning it likely has access to file-write and command execution capabilities that could be abused via malicious task data.\n
- Sanitization: The documentation provides no guidance on sanitizing input logs or validating the contents of handoffs before they are processed by the next agent session.
Audit Metadata