Skills
skills/a-green-hand-jack/ml-research-skills/work-timeline-planner/Gen Agent Trust Hub

work-timeline-planner

Pass

Audited by Gen Agent Trust Hub on May 5, 2026

Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to execute git log and git rev-parse commands, which is necessary for its core functionality of gathering project history.
  • [EXTERNAL_DOWNLOADS]: The templates/timeline-report.html file references the Frappe Gantt library from cdn.jsdelivr.net. This is a well-known service for delivering open-source assets.
  • [PROMPT_INJECTION]: The skill processes untrusted data from project repositories, creating a surface for indirect prompt injection.
  • Ingestion points: Git commit messages, README files, project documentation (e.g., docs/, PROJECT.md), and user-provided notes or chat transcripts.
  • Boundary markers: The instructions do not specify the use of delimiters or 'ignore embedded instructions' warnings for the data being analyzed.
  • Capability inventory: The skill is configured with the Bash tool for git operations and Write/Edit tools for report generation.
  • Sanitization: The instructions do not explicitly require the agent to sanitize or escape the content extracted from external sources before including it in the final reports, which could lead to XSS in generated HTML or prompt confusion in the agent context.
Audit Metadata
Risk Level
SAFE
Analyzed
May 5, 2026, 12:40 PM