file-todos
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to use shell commands including ls, grep, cp, mv, sort, and awk for managing todo files in the local todos/ directory. These commands are integral to the primary workflow for tracking and triaging tasks.
- [PROMPT_INJECTION]: An indirect prompt injection surface exists as the skill processes markdown files that may contain untrusted data.
- Ingestion points: The agent reads content from files matching todos/*.md as described in SKILL.md.
- Boundary markers: Absent; the skill does not specify the use of delimiters or instructions to ignore embedded directives within the markdown content.
- Capability inventory: The agent has the capability to create, rename, and update files, and execute shell utilities for searching and listing (referenced in SKILL.md).
- Sanitization: Absent; no validation, escaping, or filtering is applied to the data ingested from the todo files.
Audit Metadata