record-todos
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill processes untrusted user input and reads existing project files (like CLAUDE.md) to extract goals and prioritize tasks. This creates a surface where malicious content in those files could influence the agent's prioritization or organizational logic.
  - Ingestion points: Reads content from `CLAUDE.md`, `.claude/todos/active.md`, and direct user messages.
  - Boundary markers: None identified; the skill relies on standard Markdown parsing.
  - Capability inventory: Limited to reading and writing Markdown files in the `.claude/` directory. No subprocess execution, network operations, or shell access detected.
  - Sanitization: The skill paraphrases user input but does not explicitly sanitize or validate the content of the files it reads.
Audit Metadata