todoist
Pass
Audited by Gen Agent Trust Hub on Apr 30, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the
@membranehq/clipackage from the npm registry. This is the official command-line tool for the Membrane platform, provided by the skill author. - [COMMAND_EXECUTION]: The skill uses the
membraneCLI to perform administrative and data operations, including logging into the platform (membrane login), establishing service connections (membrane connect), and executing actions (membrane action run). This is the intended operational model for the skill. - [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection because it retrieves data from external Todoist sources (such as task content and comments) which could potentially contain malicious instructions.
- Ingestion points: Data returned from Todoist via
membrane action runcommands, as described inSKILL.md. - Boundary markers: Absent; the instructions do not specify the use of delimiters or warnings to separate external data from agent instructions.
- Capability inventory: The skill utilizes the
membraneCLI to execute various integration tasks, which involves shell command execution. - Sanitization: Absent; there is no mention of filtering or sanitizing the content retrieved from the Todoist API before the agent processes it.
Audit Metadata