todoist-api
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [Command Execution] (MEDIUM): The skill instructs the agent to use shell commands (curl, jq) for API interaction. While intended for legitimate use, this represents a capability that could be misused if the agent is directed to execute modified commands or if variables are not properly handled.
- [Indirect Prompt Injection] (MEDIUM): The skill processes untrusted external content from the Todoist API (task text, comments, labels).
  - Ingestion points: API read operations defined in SKILL.md and references/completed-tasks.md.
  - Boundary markers: Absent; there are no instructions for the agent to use delimiters or specific ignore-tags when processing task data.
  - Capability inventory: The skill possesses write/delete capabilities across multiple resources (tasks, projects, labels) as detailed in SKILL.md.
  - Sanitization: Absent; instructions do not specify validation or escaping of the ingested content.
  - Mitigation: The 'Confirmation Requirement' in SKILL.md acts as a critical manual safeguard before any destructive action is taken.
Audit Metadata