inbox-processing

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION] (SAFE): The skill utilizes basic shell commands ('mkdir') for local session caching and temporary file management within the 'temp/inbox-processing/' directory.
  • [DATA_EXFILTRATION] (SAFE): Data migration to Notion is a documented and intended core feature of the skill, performed through dedicated and user-approved MCP tools.
  • [PROMPT_INJECTION] (LOW): Detected an indirect prompt injection surface.
    1. Ingestion points: The skill ingests arbitrary text from task titles and notes via the 'read_tasks' tool (as documented in workflows.md).
    2. Boundary markers: The workflow documentation does not specify the use of delimiters or instructions to ignore embedded commands within processed tasks.
    3. Capability inventory: The skill has access to sensitive tools including 'edit_task', 'create_project', and 'migrate_inbox_to_notion'.
    4. Sanitization: There is no mention of content sanitization or filtering of user-provided task descriptions before they are analyzed by the LLM.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:42 PM