task-management
Pass
Audited by Gen Agent Trust Hub on Apr 19, 2026
Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill interacts with the Todoist system using the todoist-cli tool to perform task-related operations such as listing, adding, and updating tasks.
- [SAFE]: The skill utilizes a secure secrets management approach (secrets lease) to handle API tokens, avoiding hardcoded credentials.
- [PROMPT_INJECTION]: The skill ingests external data from Todoist task fields and comments. This establishes a surface for indirect prompt injection, where content within tasks could potentially influence agent behavior.
  - Ingestion points: Todoist task retrieval commands in SKILL.md.
  - Boundary markers: Absent.
  - Capability inventory: Command execution via todoist-cli in SKILL.md.
  - Sanitization: Absent.
Audit Metadata