microsoft-to-do
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill utilizes the @membranehq/cli package, which is an official tool provided by the vendor.
- [COMMAND_EXECUTION]: Operations are performed using the membrane command-line tool to manage task data and authentication connections.
- [PROMPT_INJECTION]: The skill processes external content from Microsoft To Do (e.g., task titles and descriptions) which presents an indirect prompt injection surface. 1. Ingestion points: Data retrieved through membrane action run and membrane request commands in SKILL.md. 2. Boundary markers: None identified in the provided command patterns. 3. Capability inventory: The skill can create, update, and delete tasks and task lists via the membrane CLI in SKILL.md. 4. Sanitization: No evidence of data sanitization or validation before processing external content.
Audit Metadata