file-todos
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill defines a workflow where the agent reads and updates markdown files in a
todos/directory. This creates a surface for indirect prompt injection if the files are populated from untrusted sources such as PR comments. - Ingestion points: Markdown files in the
todos/directory populated from PR comments or code reviews. - Boundary markers: Absent; the agent is instructed to read file sections directly into context without delimiters.
- Capability inventory: Local file system operations (ls, cp, mv, grep, awk) and general file editing capabilities.
- Sanitization: Absent; the skill instructs the agent to read and act on the content of the todo files without escaping or filtering.
Audit Metadata