triage
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by ingesting untrusted data from the local file system.
- Ingestion points: The skill is instructed to "Read all pending todos in the todos/ directory" (SKILL.md).
- Boundary markers: Absent. There are no explicit instructions to use delimiters or ignore instructions embedded within the content of the files being read.
- Capability inventory: The skill has the capability to create, rename, and delete files in the
todos/directory. It also suggests execution of the/resolve-todo-paralleltool (SKILL.md, Step 2 and Step 4). - Sanitization: Absent. There is no evidence of content validation, escaping, or filtering applied to the data read from the files before it is processed by the agent.
Audit Metadata