productivity-todoist
Fail
Audited by Gen Agent Trust Hub on Mar 2, 2026
Risk Level: HIGH
CREDENTIALS_UNSAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill accesses the user's Todoist API token from a hardcoded local path at ~/.config/todoist-cli/config.json. Evidence: Found in SKILL.md and the load_token function in scripts/todoist-triage.py.
- [COMMAND_EXECUTION]: The skill instructs the agent to execute an external script ./todoist-sync/scripts/sync.py to synchronize data. This script is not provided within the skill's files. Evidence: Documented in SKILL.md under the 'Process' and 'Resources' sections.
- [PROMPT_INJECTION]: The skill processes Todoist task data stored in markdown files, which are sourced from an external service and may contain malicious instructions.
  1. Ingestion points: todoist-sync/tasks/ directory containing task markdown files as described in SKILL.md.
  2. Boundary markers: No delimiters or instructions to ignore embedded content are used when reading task files.
  3. Capability inventory: The skill can modify tasks (close, reschedule, label) via scripts/todoist-triage.py and execute shell commands via sync.py.
  4. Sanitization: No sanitization or validation of the task content is performed before processing.
Recommendations
- AI detected serious security threats