toggl
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the
@beauraines/toggl-clipackage from the NPM registry to facilitate communication with the Toggl API.- [COMMAND_EXECUTION]: The agent executes various subcommands of thetogglCLI locally to manage time entries and generate reports.- [CREDENTIALS_UNSAFE]: The documentation instructs users to store their sensitive Toggl API token in a local configuration file (~/.toggl-cli.json), though it includes best-practice advice to secure the file using restrictive permissions.- [PROMPT_INJECTION]: There is a potential for indirect prompt injection because the agent ingests and acts upon task descriptions and project names retrieved from the external Toggl service. - Ingestion points: CLI output from
toggl now,toggl ls,toggl today, andtoggl week. - Boundary markers: Absent; there are no delimiters separating user data from instructions.
- Capability inventory: The agent has the ability to execute multiple state-changing CLI commands.
- Sanitization: No sanitization of the retrieved data is mentioned or implemented.
Audit Metadata