todoist
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill executes the
todoistCLI binary to perform task management operations. This is the intended purpose of the skill and uses standard command patterns.- [EXTERNAL_DOWNLOADS]: The skill provides instructions for installingtodoist-cliusing Homebrew, a well-known and reputable package manager. The source repository is a public, established project on GitHub.- [CREDENTIALS_UNSAFE]: The documentation guides users to store their API token in a local configuration file (~/.config/todoist/config.json). This is a standard and acceptable practice for CLI tools, as it avoids passing sensitive tokens via command-line arguments which could be visible in process lists.- [SAFE]: No malicious patterns, such as prompt injection, unauthorized data exfiltration, or obfuscation, were detected in the skill instructions or metadata.
Audit Metadata