update
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- Command Execution: The skill utilizes the GitHub CLI (gh issue list --assignee=@me) to fetch tasks assigned to the current user. This is a standard integration for task management.
- External Data Retrieval: In its comprehensive mode, the skill scans communication platforms like chat and email via the Model Context Protocol (MCP). This process retrieves data from external services to enrich the local memory.
- Indirect Prompt Injection Surface: The skill processes untrusted content from external sources which could potentially contain instructions. The skill handles this through an interactive workflow requiring user confirmation for all changes.
- Ingestion points: TASKS.md, GitHub issues, and communication platforms (via MCP).
- Boundary markers: Employs interactive user confirmation rather than explicit data sandboxing.
- Capability inventory: Reading/writing local markdown files and executing the gh command.
- Sanitization: No explicit sanitization of external content is specified before processing.
Audit Metadata