skills/htlin222/dotfiles/todoist/Gen Agent Trust Hub

todoist

Pass

Audited by Gen Agent Trust Hub on May 2, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because it retrieves and processes task, project, and comment data from the external Todoist API.
      • Ingestion points: Data is fetched from the Todoist API via the api() function in scripts/todoist.py and returned as JSON to the agent.
      • Boundary markers: The instructions in SKILL.md do not provide delimiters or instructions to ignore embedded commands within the retrieved task content or descriptions.
      • Capability inventory: The skill uses Bash(python3 *) to execute scripts/todoist.py, which has capabilities for network access (targeting api.todoist.com) and file system access (reading and writing the .apikey file).
      • Sanitization: The Python script and accompanying instructions do not include mechanisms to sanitize, validate, or escape the content returned by the API before it is interpolated into the agent's context.
Audit Metadata
Risk Level: SAFE
Analyzed: May 2, 2026, 03:31 PM