todoist-setup

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly asks the user to paste their Todoist API token and instructs the agent to embed that token verbatim into config files, env entries, and curl/command outputs, which forces the LLM to handle and output secrets directly.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and ingests user-generated Todoist content via the Todoist API (see Step 5 curl to https://api.todoist.com/api/v1/projects and Step 9 “Reading: Todoist tasks appear in your daily plan automatically” in SKILL.md), and those imported task items can influence routing, syncing behavior, and autonomous actions (trust_level: autonomous), so untrusted third‑party content could indirectly inject instructions.