todoist
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill utilizes the vendor's own CLI tool (@membranehq/cli) for managing API interactions and authentication, which is consistent with the stated purpose and author context.
- [SAFE]: No hardcoded secrets or sensitive information were detected. The instructions explicitly direct the agent to avoid handling API keys directly and use the platform's managed connection system instead.
- [SAFE]: All identified URLs and package references belong to the vendor's infrastructure (getmembrane.com, github.com/membranedev).
- [PROMPT_INJECTION]: The skill processes untrusted data from Todoist (e.g., task names and comments), creating a surface for indirect prompt injection. Ingestion points: 'list-tasks', 'list-projects', 'list-comments', 'list-sections', 'list-labels' in SKILL.md. Boundary markers: Absent. Capability inventory: 'membrane action run', 'membrane request' in SKILL.md. Sanitization: Absent. This risk is inherent to the integration's primary purpose and no malicious triggers were found.
Audit Metadata