vikunja-vja
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill installs the vja tool using the uv tool manager and the jq utility via Homebrew. These are recognized tools for processing data and interacting with the Vikunja service.
- [COMMAND_EXECUTION]: The skill executes local commands using the vja and jq binaries. These commands incorporate user-provided inputs such as task titles, notes, and IDs, including multi-step pipelines with xargs.
- [PROMPT_INJECTION]: The skill processes untrusted data from the Vikunja API, creating a surface for indirect prompt injection.
  - Ingestion points: Task details (titles, descriptions, labels) are retrieved from the Vikunja server via vja ls and vja show commands and then processed in the shell.
  - Boundary markers: There are no explicit delimiters or instructions provided to the agent to treat retrieved task content as data rather than instructions.
  - Capability inventory: The skill possesses extensive control over the Vikunja account, including task deletion, creation, and modification, as well as shell piping capabilities.
  - Sanitization: No sanitization or validation logic is defined to inspect or clean the data retrieved from the server before it is used in subsequent CLI operations.
Audit Metadata