daily-rhythm
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFE
Flags: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill connects to the Google Tasks API and Stripe API to synchronize user data. It utilizes official libraries and follows standard authentication practices, requiring the user to provide their own credentials in local files.
- [COMMAND_EXECUTION]: Automation is handled through local Python and Bash scripts meant to be run via system cron jobs. Documentation provides instructions for the user to configure these schedules manually.
- [PROMPT_INJECTION]: The skill features an indirect prompt injection surface because it processes data from external sources (Calendar ICS URLs) and user-supplied responses which are later included in AI-generated briefs.
  - Ingestion points: User responses in wind-down prompts saved to 'memory/YYYY-MM-DD.md', and calendar event data fetched from external URLs.
  - Boundary markers: Absent. The skill does not currently use specific delimiters or instructions telling the agent to ignore embedded commands in the synced data.
  - Capability inventory: The skill can update Google Tasks through 'scripts/sync-google-tasks.py' and write to the local memory directory.
  - Sanitization: None detected. Content from external sources is used directly in the morning brief generation instructions.
- [SAFE]: No malicious patterns such as obfuscation, persistence, or data exfiltration were found. The presence of hardcoded absolute paths (e.g., '/Users/tom/...') appears to be an artifact of the author's development environment and does not represent a security threat, though it may cause the skill to fail unless updated by the user.
Audit Metadata