create-todo
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [SAFE]: No malicious patterns or security risks were detected. The skill follows best practices by using placeholders for identifiers and referencing official vendor tools.
- [PROMPT_INJECTION]: This skill presents an indirect prompt injection surface by accepting user-provided text for task fields.
- Ingestion points: Data enters the agent context through the 'title' and 'description' parameters in the 'create-todo' tool call.
- Boundary markers: No explicit delimiters or instructions to ignore embedded commands are provided.
- Capability inventory: The skill executes the 'create-todo' tool provided by the One Horizon MCP.
- Sanitization: No input sanitization or validation is specified within the skill body.
Audit Metadata