sync-things-tasks
Pass
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (LOW): The skill is designed to interact with the local system via the
thingsCLI tool. It provides templates for shell commands that the agent will execute. - [PROMPT_INJECTION] (LOW): The skill is vulnerable to indirect prompt injection (Category 8) because it extracts action items directly from Obsidian notes.
- Ingestion points: Processes content from Obsidian vault files (as described in SKILL.md under 'Adding Tasks from Notes' and 'Project Task Extraction').
- Boundary markers: Absent; there are no instructions to ignore embedded commands within the ingested note content.
- Capability inventory: Shell command execution via the
thingsCLI (SKILL.md). - Sanitization: Absent; the skill does not specify any sanitization or validation of the text extracted from notes before passing it to the CLI.
Audit Metadata