team-daily-report
Pass
Audited by Gen Agent Trust Hub on Apr 4, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill invokes local script execution using shell commands to run the core report generation logic located at '~/clawd/scripts/team_daily_report.py'.
- [DATA_EXFILTRATION]: Aggregates internal data including agent execution statuses and historical memory logs from '
/clawd/config/' and '/clawd/memory/' for transmission to external Telegram destination IDs. - [PROMPT_INJECTION]: Ingests data from memory files ('~/clawd/memory/{YYYY-MM-DD}.md') which may contain content from previous interactions; the skill does not explicitly define boundary markers or sanitization routines for this data ingestion, creating a surface for indirect prompt injection.
- [CREDENTIALS_SAFE]: Demonstrates secure handling of sensitive data by utilizing a password manager command ('pass show tokens/telegram-newsrobot') to retrieve API tokens rather than hardcoding them in the skill source.
Audit Metadata