topydo
Pass
Audited by Gen Agent Trust Hub on May 9, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the topydo CLI to manage tasks. All commands (add, list, complete, delete) are standard for task management and operate on a local todo.txt file defined in the configuration.
- [EXTERNAL_DOWNLOADS]: The skill provides installation instructions using Homebrew (brew install topydo), pip (pip3 install topydo), and apt (sudo apt install python3-pip). These are standard installation methods for the legitimate topydo project.
- [PRIVILEGE_ESCALATION]: One command uses
sudo apt install python3-pip, which is a standard administrative command for installing a package manager on Debian-based systems. There are no suspicious uses of sudo or attempts to bypass security controls. - [CREDENTIALS_UNSAFE]: No hardcoded credentials or sensitive file access patterns were detected. The skill correctly instructs the user on how to manage their own local configuration files.
- [PROMPT_INJECTION]: The skill does not contain instructions that attempt to override the agent's behavior or bypass safety guidelines.
Audit Metadata