ticktick-cli
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- Prompt Injection (SAFE): No direct malicious instructions were found. While the skill has a surface for indirect prompt injection (Category 8) because it reads user-controlled task data from an external API, this risk is inherent to the primary purpose of a task manager and is considered acceptable.
- Data Exposure & Exfiltration (SAFE): The skill communicates with `dida365.com` and a Cloudflare Worker for OAuth authentication and task management. These network operations are necessary for the skill's functionality. No hardcoded secrets or exfiltration of sensitive local files were detected.
- Unverifiable Dependencies (SAFE): The README references standard Python libraries (`typer`, `pydantic`, `httpx`) and the `uv` script runner. No suspicious or unversioned remote package installations were found.
- Command Execution (SAFE): The skill instructions involve executing a local Python script (`ticktick_cli.py`). The commands provided are standard for CLI tools and do not attempt to escalate privileges or modify system configurations.
Audit Metadata