Trust Assessment
tasks received a trust score of 78/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 3 findings: 0 critical, 1 high, 1 medium, and 1 low severity. Key findings include Unpinned Python Package Dependency, Potential Command Injection via External Binary Execution, Sensitive Environment Variable Usage.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings3
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Unpinned Python Package Dependency The skill's manifest specifies a Python package `todoist-api-python` for installation via pip without pinning a specific version. This allows pip to install the latest available version, which could introduce malicious code if a future version of the package or one of its dependencies is compromised (supply chain attack). Pin the version of `todoist-api-python` in the manifest's `install` section (e.g., `"package": "todoist-api-python==X.Y.Z"`) to ensure deterministic and secure installations. | LLM | SKILL.md:1 | |
| MEDIUM | Potential Command Injection via External Binary Execution The skill is designed to execute the `todoist` CLI binary, as indicated by the manifest's `requires.bins` and examples in the SKILL.md. If the skill's implementation (not provided in this context) constructs `todoist` commands using unsanitized user input (e.g., task descriptions, due dates, or task IDs), it could lead to command injection, allowing an attacker to execute arbitrary shell commands. Ensure all user-provided input passed to external commands like `todoist` is rigorously sanitized and properly escaped to prevent shell injection. Consider using a dedicated library for safe command execution or passing arguments as separate list items to `subprocess.run` to avoid shell interpretation. | LLM | SKILL.md:1 | |
| LOW | Sensitive Environment Variable Usage The skill explicitly requires sensitive environment variables (`TODOIST_API_TOKEN` or `MSGRAPH_TOKEN`) for authentication. While the skill itself doesn't show direct exfiltration in the provided context, the presence and use of these credentials increase the impact of other vulnerabilities (e.g., the unpinned dependency or command injection) if they were to be exploited, potentially leading to credential compromise or data exfiltration. Implement robust error handling and logging to monitor access to these credentials. Ensure the skill operates with the principle of least privilege. Regularly rotate API tokens. The primary remediation for the risk of exfiltration is to address underlying vulnerabilities like unpinned dependencies or command injection. | LLM | SKILL.md:3 |
Scan History
Embed Code
[](https://skillshield.io/report/4f2f482fd2d810cc)
Powered by SkillShield