todoist
Fail
Audited by Gen Agent Trust Hub on Feb 14, 2026
Risk Level: HIGH
Findings: CREDENTIALS_UNSAFE, PROMPT_INJECTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- [CREDENTIALS_UNSAFE] (HIGH): The skill identifies and relies upon the configuration file path ~/.config/todoist/config.json. This file stores the Todoist API token in plaintext, so any process that can read it (including the agent itself) can take over the account.
- [PROMPT_INJECTION] (HIGH): The skill is vulnerable to indirect prompt injection because it processes external task data and has destructive write capabilities.
  * Ingestion points: external task descriptions and metadata retrieved via `todoist list`.
  * Boundary markers: none. The skill does not instruct the agent to use delimiters or to ignore instructions embedded within task content.
  * Capability inventory: `todoist add`, `todoist modify`, `todoist close`, and `todoist delete` provide side-effect capabilities, so an instruction smuggled into a task description can cause the agent to alter or delete other tasks.
  * Sanitization: none detected. External content is passed to the model as raw strings.
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill requires installing todoist-cli via Homebrew from an untrusted GitHub repository (sachaos/todoist).
- [COMMAND_EXECUTION] (LOW): The skill operates by executing shell commands through the `todoist` binary. While routine for CLI-based skills, this increases the potential impact of any injected arguments.
Recommendations
- AI detected serious security threats
Audit Metadata