ticktick
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE
Flags: PROMPT_INJECTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: Indirect Prompt Injection Surface.
  - Ingestion points: The skill retrieves user-controlled task titles, descriptions, and project names from the TickTick API in scripts/api.ts (e.g., getProjectData, getAllTasks).
  - Boundary markers: No delimiters or specific instructions are provided to the agent to treat API-retrieved content as untrusted data.
  - Capability inventory: The skill has the capability to create, update, and delete tasks and projects via the TickTick API as defined in scripts/api.ts.
  - Sanitization: External task content is used directly in terminal output and JSON responses without sanitization or validation.
- [EXTERNAL_DOWNLOADS]: Official API Communication.
  - The skill communicates with official TickTick domains (https://api.ticktick.com and https://ticktick.com/oauth) for authentication and task synchronization.
  - Evidence: Network request logic is encapsulated in scripts/api.ts and scripts/auth.ts. This represents standard functionality for a task management tool.
- [DATA_EXFILTRATION]: Local Configuration Storage.
  - The skill creates and accesses a sensitive configuration file at ~/.clawdbot/credentials/ticktick-cli/config.json to store OAuth2 client credentials and access tokens.
  - Evidence: scripts/auth.ts implements restricted file permissions (0o600 for the configuration file and 0o700 for the directory) to mitigate the risk of unauthorized local access to the stored credentials.
Audit Metadata