todo-list-csv

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • COMMAND_EXECUTION (HIGH): The skill instructions direct the agent to construct and execute shell commands using user-supplied data for arguments such as --title, --item, and --notes. If a user provides input containing shell metacharacters (e.g., semicolons, backticks, or pipes), this could lead to arbitrary command execution on the host system. Example: a title like 'Task; rm -rf /' could be executed directly.
  • PROMPT_INJECTION (MEDIUM): Category 8 (Indirect Prompt Injection): The skill has a significant attack surface because it ingests untrusted user input (task titles/descriptions) and uses that data to drive system-level tool execution. Evidence Chain: (1) Ingestion Point: User-provided strings for titles and list items. (2) Boundary Markers: Absent; no delimiters are used to separate user data from command structure. (3) Capability Inventory: Execution of local Python scripts via shell commands and modification of local CSV files. (4) Sanitization: Absent; there are no instructions to validate or escape user input before interpolation into commands.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 16, 2026, 05:12 AM