ticktick-cli
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION)
Full Analysis
- EXTERNAL_DOWNLOADS (MEDIUM): The skill's setup and troubleshooting files (references/setup-and-auth.md, references/troubleshooting.md) provide instructions for installing the ticktick-cli package from PyPI. This package is not maintained by a trusted organization listed in the security policy.
- COMMAND_EXECUTION (LOW): The skill is designed to execute a wide range of shell commands to manage TickTick data. While restricted to the ticktick binary, this is the primary mechanism of action.
- DATA_EXPOSURE (LOW): The skill accesses and processes sensitive user data, including personal tasks, project structures, and focus/productivity analytics.
- INDIRECT_PROMPT_INJECTION (LOW):
  - Ingestion points: Data is ingested through "ticktick ... --json" commands, which pull user-generated content (task titles, descriptions, tag names) from TickTick servers.
  - Boundary markers: The use of --json provides structured data boundaries, but there are no specific 'ignore instructions' delimiters for the text content within the JSON.
  - Capability inventory: The skill has extensive write/delete capabilities for tasks, projects, folders, habits, and tags across all reference files.
  - Sanitization: No evidence of text sanitization or filtering for embedded instructions in task content was found.
Audit Metadata