things3-manager
Pass
Audited by Gen Agent Trust Hub on May 9, 2026
Risk Level: SAFE
COMMAND_EXECUTION EXTERNAL_DOWNLOADS PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill relies on executing local Python scripts (e.g., scripts/things3_read.py, scripts/things3_write.py) to interact with the Things3 application. It also includes a direct Python command execution to verify existing areas.
- [EXTERNAL_DOWNLOADS]: Requires the installation of the things.py library from the official Python Package Index (PyPI) to enable reading the Things3 SQLite database.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted data (task titles, notes, and project names) from the external Things3 database.
  - Ingestion points: scripts/things3_dashboard.py and scripts/things3_read.py read data from the local Things3 SQLite database.
  - Boundary markers: No explicit boundary markers or delimiters for processed data are defined in the instructions.
  - Capability inventory: The skill has the capability to execute shell commands and modify/delete data within the Things3 application via scripts/things3_write.py.
  - Sanitization: No sanitization or validation of the content retrieved from Things3 is mentioned in the skill instructions.
Audit Metadata