jobhunt-ops-broadcast-copy
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: Indirect prompt injection surface.
- Ingestion points: The skill is designed to ingest and parse updates from user messages and email screenshots as described in the 'Workflow' section of
SKILL.md. - Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present when processing ingested content.
- Capability inventory: The skill possesses file-write capabilities (updating
STATUS.md,CHANGELOG.md, and JSON files in~/.claude/) and command execution capabilities (runningsync_db.ps1). - Sanitization: There is no evidence of sanitization or validation of the text extracted from screenshots before it is persisted into structured JSON or Markdown files.
- [COMMAND_EXECUTION]: Execution of local scripts.
- The skill executes
jobhunt_ops/sync_db.ps1during the persistence and status update phases to synchronize data between the workspace and the personal assistant database. - [DATA_EXPOSURE]: Access to application-specific hidden directories.
- The skill reads and writes data to
~/.claude/personal_assistant/tasks.jsonand~/.claude/personal_assistant/schedule.json. While these paths are hidden within the user's home directory, they appear to be intended storage for the skill's primary function as a personal assistant.
Audit Metadata