add-todo
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill ingests untrusted user input via the /add-todo command and interpolates it directly into markdown files (docs/待办清单.md and docs/项目状态.md). This creates a surface for indirect prompt injection: malicious instructions could be stored in persistent documentation and later processed by the agent in subsequent sessions.
  - Ingestion points: User-provided task names, descriptions, and metadata passed as arguments to the /add-todo command.
  - Boundary markers: Absent; user input is placed directly into markdown list items without delimiters or ignore-instructions warnings.
  - Capability inventory: The skill uses the agent's ability to read and write to the local file system (docs/ and .claude/ folders).
  - Sanitization: Absent; the skill performs mapping and extraction logic but does not escape or validate the task content for embedded instructions.
Audit Metadata