tracking-todos
Pass
Audited by Gen Agent Trust Hub on May 7, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides a task-tracking mechanism using an internal state-management API. It does not perform any network operations, file access outside of its configuration store, or shell command execution.- [INDIRECT_PROMPT_INJECTION]: The skill has an attack surface for indirect prompt injection because it processes and displays user-provided strings for task descriptions. However, this does not pose a threat in this context as the skill lacks any privileged capabilities that could be exploited through such an injection.
- Ingestion points: Task descriptions are ingested via the
write_todosfunction inscripts/todos.pyand are based on instructions inSKILL.md. - Boundary markers: The stored task data is not delimited or specifically tagged as untrusted content.
- Capability inventory: The skill scripts contain no subprocess calls, network requests, or direct file I/O operations.
- Sanitization: The
_validatefunction performs schema and type validation but does not filter for potentially malicious instructions.
Audit Metadata