productivity-integration
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH | DATA_EXFILTRATION | PROMPT_INJECTION
Full Analysis
- Data Exposure (HIGH): The skill documentation explicitly points to a sensitive configuration path private-prefs/personal-taxonomy.json. This provides a specific target for data access or exfiltration attacks by identifying where the user's organizational structure and preferences are stored.
- Indirect Prompt Injection (HIGH): The skill facilitates the flow of data from untrusted external sources (task descriptions and notes) to write-capable tools.
  1. Ingestion points: Data enters the agent context through the read_tasks and migrate_inbox_to_notion functions.
  2. Boundary markers: The instructions do not define any delimiters or system-level instructions to ignore potential commands embedded within the task data being processed.
  3. Capability inventory: The skill includes high-impact write capabilities, such as create_task (writing to Things3) and migrate_inbox_to_notion (writing to Notion), creating a pathway for an attacker to influence one system through the other.
  4. Sanitization: No sanitization or validation logic is present to filter out or neutralize instructions hidden in the ingested content.
Recommendations
- AI detected serious security threats