kai-todo
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- Data Exposure (LOW): The skill is configured to access a hardcoded file path at '~/Documents/personal/Kai-Todo.md'. While this is the primary purpose of the skill, it involves accessing potentially sensitive personal data in the user's home directory.\n- Indirect Prompt Injection (LOW): The skill processes untrusted data from the task file and is explicitly instructed to 'Begin working on it immediately' when selecting the next task, which could lead to the agent executing instructions embedded within a task description.\n
- Ingestion points: The file '~/Documents/personal/Kai-Todo.md' is read during the 'list' and 'next' command executions.\n
- Boundary markers: Absent. The skill does not provide instructions to the agent to distinguish between task metadata and potentially malicious instructions within the task body.\n
- Capability inventory: The skill possesses the capability to read from and write to the local file system.\n
- Sanitization: Absent. There are no mentions of escaping or validating the content of the tasks retrieved from the file before the agent processes them.
Audit Metadata