resolve-todo-parallel
Pass
Audited by Gen Agent Trust Hub on Mar 22, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it ingests and processes the content of TODO comments from files located in
/todos/*.md. These files could contain malicious instructions from external contributors that might be followed by the resolution agents. - Ingestion points: The skill reads all unresolved items from the
/todos/*.mddirectory. - Boundary markers: None identified. The skill does not implement specific delimiters or safety instructions to prevent the agent from obeying instructions embedded within the TODO text.
- Capability inventory: The skill has significant capabilities, including spawning sub-agents (
pr-comment-resolver), committing changes, pushing to remote repositories, and deleting files. - Sanitization: No sanitization, validation, or filtering of the TODO content is performed before it is passed to the implementation step.
Audit Metadata