refine
Pass
Audited by Gen Agent Trust Hub on Mar 22, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it processes untrusted data from an external file to perform its core functions.
- Ingestion points: Content is ingested from
brain/todos.mdduring the triage and rewrite steps. - Boundary markers: There are no delimiters or instructions to ignore instructions found within the todo items.
- Capability inventory: The skill can modify the local file system via the
Edittool and interact with the user viaAskUserQuestion. - Sanitization: Content read from the file is not sanitized or validated before being processed by the agent.
Audit Metadata