todo-archive
Pass
Audited by Gen Agent Trust Hub on Jun 14, 2026
Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The helper script in scripts/archive_todo.py uses subprocess.run to execute git rev-parse --show-toplevel. This is a legitimate and safe operation used to identify the project root directory. It is implemented using a static list of arguments, which prevents shell injection vulnerabilities.
- [SAFE]: The skill performs local file system operations, specifically reading and writing markdown task lists in TODO.md and .ai/todos/. The logic is transparently implemented in Python, does not involve any network communication, and does not access sensitive system files or credentials.
Audit Metadata