tasks
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: Communicates with the official Todoist API (api.todoist.com) to perform task management operations. This is a well-known service and the interaction is consistent with the skill's primary purpose.
- [PROMPT_INJECTION]: The skill retrieves and processes task content and descriptions from Todoist, which creates a surface for indirect prompt injection. The risk is negligible because the skill lacks high-privilege capabilities like system command execution or file system access.
- Ingestion points: Task data is ingested in
skill-router.jsonvia thelist,get, andget-by-filteractions. - Boundary markers: The skill does not use specific delimiters or instructions to the agent to ignore potential instructions embedded in the task data.
- Capability inventory: The skill's capabilities are restricted to Todoist API requests; it has no access to local files or the ability to execute subprocesses.
- Sanitization: No data sanitization or escaping is performed on the information retrieved from the Todoist API.
Audit Metadata