The Agent Skills Directory

PROMPT_INJECTION (LOW): The skill possesses an indirect prompt injection surface as it retrieves and processes task content and comments which are attacker-controllable if an agent interacts with a shared or compromised Todoist account.\n
Ingestion points: td task list, td task view, and td comment list (SKILL.md).\n
Boundary markers: Absent; there are no specific instructions to treat task content as untrusted data or to use delimiters.\n
Capability inventory: The skill can perform deletions, updates, and project management (td task delete, td project delete).\n
Sanitization: Absent; the skill relies on a mandatory confirmation policy for destructive actions rather than input sanitization.\n- EXTERNAL_DOWNLOADS (SAFE): The skill directs the agent to advise the user to install the official Todoist CLI package from npm.\n
Evidence: npm install -g @doist/todoist-cli in SKILL.md.\n
Context: The package is the well-known official tool for a reputable service.\n- COMMAND_EXECUTION (SAFE): The skill utilizes the local CLI to manage Todoist data, which is its primary stated purpose.\n
Evidence: Multiple td CLI commands throughout SKILL.md and references/completed-tasks.md.\n- DATA_EXFILTRATION (SAFE): Mentions of Todoist API token and network requests are confined to the primary service domain.\n
Evidence: Use of $TODOIST_API_TOKEN and curl to api.todoist.com in references/completed-tasks.md.\n
Context: These operations are consistent with the skill's primary function and target the service's official API.

todoist-api