todo
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [INDIRECT_PROMPT_INJECTION]: The skill reads task data from a workspace file that could be influenced by untrusted sources, creating a potential vector for indirect prompt injection.\n
- Ingestion points: The skill ingests data from
.alma/todos-<THREAD_ID>.mdusing theReadtool.\n - Boundary markers: There are no explicit boundary markers or instructions to ignore embedded commands within the todo list content.\n
- Capability inventory: The skill is authorized to use the
ReadandWritetools for file operations.\n - Sanitization: No sanitization, escaping, or validation is performed on the content read from the todo file.
Audit Metadata