triage
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill reads findings from the
todos/directory. If an attacker can control the content of these files, they could embed instructions to manipulate the agent during the triage process. \n - Ingestion points: Files located within the
todos/directory. \n - Boundary markers: Absent; content is interpolated directly into the presentation format without delimiters. \n
- Capability inventory: The skill possesses file system capabilities including reading, renaming, and deleting files within the
todos/directory. \n - Sanitization: No sanitization or validation of the ingested file content is performed.
Audit Metadata