todo-tracker
Fail
Audited by Gen Agent Trust Hub on Feb 12, 2026
Risk Level: CRITICALCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
================================================================================
🔴 VERDICT: CRITICAL
This skill contains a critical command injection vulnerability in its todo.sh script, allowing arbitrary shell command execution via user-supplied input. Additionally, it instructs users to clone a repository from an untrusted GitHub organization, posing a supply chain risk.
Total Findings: 2
🔴 CRITICAL Findings:
• Command Injection via sed
- scripts/todo.sh:102, 120
The
mark_doneandremove_itemfunctions inscripts/todo.shusesedcommands where the user-supplied$patternargument is directly embedded within double quotes in thesedregex. For example,sed -i '' "/\- \[ \].*$pattern/d" "$TODO_FILE". If$patterncontains shell command substitutions like$(command), these commands will be executed by the shell beforesedeven processes the string. This allows an attacker to execute arbitrary shell commands on the system where the skill is running.
🟡 MEDIUM Findings: • Unverifiable Dependency
- README.md:7
The installation instructions recommend cloning a Git repository (
https://github.com/jdrhyne/todo-tracker-skill.git) from thejdrhyneGitHub organization. This organization is not listed as a trusted external source. Relying on code from unverified external sources introduces a supply chain risk, as the content of the repository could change or be malicious.
================================================================================
Recommendations
- AI detected serious security threats
Audit Metadata