file-todos
Pass
Audited by Gen Agent Trust Hub on May 4, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill provides workflows for managing todos as markdown files in a
todos/directory. It uses standard shell commands (ls,cp,mv,grep,awk) for file manipulation and searching. No network requests, credential access, or privilege escalation attempts were detected.\n- [PROMPT_INJECTION]: The skill processes content from markdown files. This creates a surface for indirect prompt injection, which is a common aspect of file-based task management. \n - Ingestion points: Reads markdown files in the
todos/directory.\n - Boundary markers: Uses YAML frontmatter delimiters (
---).\n - Capability inventory: Local file operations (
ls,cp,mv,grep,awk) restricted to the project scope.\n - Sanitization: None; relies on frontmatter markers and instructional boundaries.
Audit Metadata