file-todos
Warn
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION
Full Analysis
- [Dynamic Execution] (MEDIUM): The skill constructs bash commands by substituting placeholders such as `{priority}` and `{description}` into a command template. If an agent fills these from unsanitized user input containing shell metacharacters (e.g., `;`, `|`, `$(...)`), the substituted text is parsed as shell syntax, which is command injection.
- [Indirect Prompt Injection] (LOW): The skill processes untrusted data from files in the `todos/` directory.
  - Ingestion points: Filenames and YAML frontmatter in `todos/*.md`, read via `ls` and `grep`.
  - Boundary markers: Absent.
  - Capability inventory: File system access (`cp`), shell execution (`bash`), and local script execution (`./scripts/log-skill.sh`).
  - Sanitization: Absent; filenames and file contents are used directly in shell commands.
- [Unverifiable Dependencies & Remote Code Execution] (LOW): The skill executes a local script, `./scripts/log-skill.sh`, whose contents are not included in the analysis; it is therefore an unverifiable local dependency.
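The injection path behind the Dynamic Execution finding, and the filename-handling discipline the Indirect Prompt Injection finding calls for, as one added example. This is not the file-todos skill's code: the skill's real command template is not shown on this page, so the two-placeholder `echo` template, the `high|medium|low` priority set, and the function names are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added example, not the file-todos skill's own code. Contrasts the flagged
# pattern (placeholders substituted into a bash command string, then re-parsed)
# with a form that keeps untrusted text out of shell syntax.

# Vulnerable: fill {priority}/{description} into a command template by string
# formatting, then hand the result to bash -c. Metacharacters in either value
# (";", "|", "$(...)") are parsed as syntax, not data.
render_unsafe() {
  local priority="$1" description="$2" cmd
  cmd=$(printf 'echo "priority: %s description: %s"' "$priority" "$description")
  bash -c "$cmd"
}

# Hardened: check the closed-set field against an allowlist, and pass free text
# to the command as a positional argument so it is only ever data.
render_safe() {
  local priority="$1" description="$2"
  case "$priority" in
    high|medium|low) ;;
    *) printf 'invalid priority: %s\n' "$priority" >&2; return 2 ;;
  esac
  bash -c 'echo "priority: $1 description: $2"' _ "$priority" "$description"
}

# The same discipline for names read back from the todos/ directory: iterate a
# glob rather than the output of ls (a filename containing "$(...)" or spaces is
# then just a string), keep the "$dir/" prefix so a name beginning with "-" is
# not read as an option, and end option parsing with -- before the pattern.
count_priority_safe() {
  local dir="$1" wanted="$2" n=0 f
  for f in "$dir"/*.md; do
    [ -e "$f" ] || continue
    if grep -qxF -- "priority: $wanted" "$f"; then n=$((n + 1)); fi
  done
  echo "$n"
}

# Demo on constructed input: the same description rendered both ways. The unsafe
# path evaluates the substitution; the safe path prints it literally.
render_unsafe high '$(echo INJECTED)'
render_safe   high '$(echo INJECTED)'
```

Run it directly to see the two renderings; the first line shows `INJECTED` where the description should be, the second shows the literal `$(echo INJECTED)`. The point generalises to any field the agent fills in: allowlist the ones with a fixed vocabulary, pass the rest as arguments, and never rebuild a command string from them.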