day2-create-context-sync-skill
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
- [Dynamic Execution] (MEDIUM): The skill is designed to generate and execute local Python scripts (e.g., gmail_fetch.py) to interact with various APIs.\n- [Indirect Prompt Injection] (LOW): The skill processes potentially untrusted content from Gmail and Slack, creating a surface for indirect prompt injection.\n
- Ingestion points: Gmail messages and Slack channel content specified in templates/context-sync.md.\n
- Boundary markers: None explicitly defined in the templates to separate ingested content from system instructions.\n
- Capability inventory: Local script execution via 'uv run', file writes to the 'sync/' directory, and external MCP tool calls for Slack and Notion.\n
- Sanitization: The skill relies on the agent's summarization logic without explicit data sanitization or filtering.\n- [External Downloads] (MEDIUM): The skill workflow involves adding third-party MCP servers (e.g., @notionhq/notion-mcp-server) and connecting to external endpoints, which entails the execution of external code.\n- [Persistence Mechanisms] (LOW): The skill utilizes the agent's scheduling feature via CLAUDE.md to automate recurring tasks, which is an expected use of the platform and requires user opt-in.
Audit Metadata