obsidian-ticktick-sync
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes local Python scripts to orchestrate the synchronization process, requiring file system access to read and update markdown notes within the Obsidian vault.
- [DATA_EXFILTRATION]: Task metadata, including titles and dates, is transmitted to the official TickTick and Dida365 API endpoints (api.ticktick.com and api.dida365.com). These are well-known services, and the data transfer is the intended primary function of the skill.
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface because it processes untrusted markdown content from the user's vault.
  * Ingestion points: Markdown files are read and parsed line-by-line via the extract.py script.
  * Boundary markers: The skill relies on specific regex patterns (e.g., [sync:: pending]) to identify data but does not use strict delimiters to isolate processed content from potential instructions.
  * Capability inventory: The skill has the capability to write to the local file system and send data to external APIs.
  * Sanitization: Outbound data is serialized as JSON, and file updates are performed through controlled string rebuilding, which mitigates the risk of command injection or malformed payloads.
Audit Metadata