recap
Pass
Audited by Gen Agent Trust Hub on Apr 6, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill implements a modular architecture, calling local fetcher scripts for Git, GitHub, and Basecamp activity. These scripts are located in relative paths within the skill root, representing a standard design for multi-part skills.
- [SAFE]: Data management is handled through user-controlled configuration (/.config/recap/) and cache (/.cache/recap/) directories, which is appropriate for a local productivity tool.
- [SAFE]: The instructions include a dedicated 'Trust Boundaries' section that proactively warns the agent about the risk of indirect prompt injection from untrusted data (like PR descriptions and commit messages). Evidence Chain:
  1. Ingestion points: The skill reads JSON files containing activity data from the local cache directory.
  2. Boundary markers: Explicit instructions are provided to treat cached text as data, not instructions, and to ignore directives in message content.
  3. Capability inventory: The skill performs shell execution of fetcher scripts and writes the final digest to stdout or a file.
  4. Sanitization: The agent is instructed to summarize snippets rather than quoting verbatim to avoid passing through payloads.
- [SAFE]: No suspicious network operations, obfuscation, or privilege escalation patterns were detected. The skill relies on established system tools like git and the gh CLI for its primary functions.
Audit Metadata