The Agent Skills Directory

[EXTERNAL_DOWNLOADS]: The scripts/ticktick_cli.py script declares a dependency on 'httpxyz', a non-standard and relatively unknown library that shares a versioning scheme and name similarity with the popular 'httpx' library. This represents an unverifiable dependency and a potential supply chain risk.
[DATA_EXFILTRATION]: The parse_checklist_items function in scripts/ticktick_cli.py allows reading local files if the --item-json argument is prefixed with '@'. If an attacker can influence the inputs to the agent (e.g., through indirect prompt injection), they might trick the agent into reading sensitive files (like SSH keys or configuration files) and transmitting them to the TickTick API or revealing them in the conversation.
[PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted data from the TickTick API and presents it to the agent.
Ingestion points: Data retrieved from the API via list_projects, get_task, and get_project_data in scripts/ticktick_api_client.py is processed and displayed.
Boundary markers: None. Data from the API is displayed directly without delimiters or instructions to ignore embedded commands.
Capability inventory: The skill has the ability to read local files (via the @ prefix), perform network requests to the TickTick API, and perform destructive actions like delete_task and delete_project.
Sanitization: No sanitization or validation is performed on the content of tasks or projects retrieved from the API before they are processed by the agent.
[COMMAND_EXECUTION]: The skill utilizes the uv run mechanism to execute a local Python CLI. While the source code for the CLI and API client is provided, the execution environment involves downloading and running external packages and interacting with the local file system and network.

ticktick-cli