todoist
Pass
Audited by Gen Agent Trust Hub on Mar 16, 2026
Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill relies on the `todoist-cli` binary to perform task management operations. User-provided strings for task names, labels, and comments are passed as arguments to this CLI tool.
- [PROMPT_INJECTION]: The skill is subject to indirect prompt injection (Category 8) because it retrieves and displays content from an external source (Todoist).
  * Ingestion points: Data is ingested via `todoist-cli search`, `todoist-cli list`, `todoist-cli show`, and `todoist-cli comments` as described in `SKILL.md`.
  * Boundary markers: The instructions do not define specific delimiters or directives to ignore embedded instructions.
  * Capability inventory: The skill has the capability to write and delete data (tasks, comments, reminders) via `todoist-cli` commands in `SKILL.md`.
  * Sanitization: The skill does not implement content sanitization or filtering for the retrieved Todoist data.
Audit Metadata