topydo
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- Privilege Escalation (HIGH): The installation instructions include the use of `sudo` (`sudo apt install python3-pip`), which grants the agent the ability to execute commands with root privileges.
- Unverifiable Dependencies (MEDIUM): The skill directs the agent to install the `topydo` package via `pip3`. The source (github.com/bastos) is not among the verified trusted organizations, posing a risk of executing unvetted code during installation and usage.
- Indirect Prompt Injection (LOW): The skill is designed to ingest and process data from `todo.txt` files. This creates a vulnerability surface where an attacker could place malicious instructions inside a task list to manipulate the agent's behavior.
  - Ingestion points: Reads from `~/todo.txt` and configuration files like `~/.topydo`.
  - Boundary markers: None identified; the agent appears to treat task text as plain data for processing.
  - Capability inventory: The agent can add, delete, edit, and list tasks, as well as execute arbitrary `topydo` CLI commands which interact with the local file system.
  - Sanitization: There is no evidence of input sanitization or validation for the content of the tasks being processed.
Recommendations
- AI detected serious security threats
Audit Metadata