ai-todo
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFE
CREDENTIALS_UNSAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes the `ai-todo` CLI for all task management operations such as listing, creating, completing, and updating tasks.
- [EXTERNAL_DOWNLOADS]: If the CLI is not found, the skill instructs the agent to install the `ai-todo-cli` package globally using `npm install -g ai-todo-cli`.
- [CREDENTIALS_UNSAFE]: The skill accesses the local configuration file `~/.config/ai-todo/credentials.json` to verify the presence of authentication credentials before execution.
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface as it is designed to automatically ingest and process data from external tool outputs.
  - Ingestion points: Data is ingested from user-provided task titles, descriptions, git commit messages, and Vercel deployment logs during post-action workflows.
  - Boundary markers: The prompt instructions do not include specific delimiters or 'ignore embedded instructions' warnings for the data being processed.
  - Capability inventory: The skill has the capability to execute CLI commands on the local system and interact with a remote API at `https://ai-todo.stringzhao.life`.
  - Sanitization: There is no evidence of input validation or sanitization applied to external data before it is passed to the CLI or used to generate task summaries.
Audit Metadata