Trust Assessment
todoist received a trust score of 86/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 1 high, 0 medium, and 0 low severity. Key findings include Potential for Command Injection via `todoist` CLI arguments.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Potential for Command Injection via `todoist` CLI arguments The skill describes how to use the `todoist` CLI tool, which involves constructing shell commands with user-provided input for task content, filters, project names, and labels. If an LLM agent directly interpolates untrusted user input into these shell commands without proper sanitization (e.g., quoting or escaping), it could lead to arbitrary command execution on the host system. For example, passing `"; rm -rf /"` as a task description to `todoist add` could execute the `rm` command if not properly handled by the agent. LLM agents should always sanitize and properly quote/escape any user-provided input before incorporating it into shell commands executed via `subprocess` or similar methods. Specifically, arguments passed to `todoist` commands (like task content, filter strings, project names, label names) must be treated as untrusted and escaped. Using `shlex.quote()` in Python or similar language-specific mechanisms is recommended. | LLM | SKILL.md:39 |
Scan History
Embed Code
[](https://skillshield.io/report/2d6fbe558f07106f)
Powered by SkillShield