Trust Assessment
todoist-api received a trust score of 85/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 1 high, 0 medium, and 0 low severity. Key findings include Potential Command Injection via Unsanitized User Input in CLI Arguments.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on June 1, 2026 (commit 9b0e00ad). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Potential Command Injection via Unsanitized User Input in CLI Arguments The skill instructs the LLM to construct `td` CLI commands where user-provided input (e.g., task content, project names, filter queries) is directly inserted into command arguments. If the LLM does not properly sanitize or escape this user input before passing it to the shell, a malicious user could inject shell metacharacters (e.g., `;`, `&&`, `|`, `$(...)`) to execute arbitrary commands on the host system. This is a common vulnerability when wrapping CLI tools without explicit input sanitization. The LLM should be explicitly instructed to sanitize all user-provided strings that are passed as arguments to `td` commands. This typically involves escaping shell metacharacters (e.g., by quoting arguments or using a shell escaping utility) or, preferably, using a library/method that safely passes arguments to subprocesses (e.g., `subprocess.run` with `shell=False` in Python, passing arguments as a list). The skill's instructions should include a clear directive for the LLM to perform this sanitization. | LLM | SKILL.md:120 |
Scan History
Embed Code
[](https://skillshield.io/report/6aad5e7dc3bd5a7e)
Powered by SkillShield