daily-done
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFE
Full Analysis
- [Data Exposure & Exfiltration] (SAFE): The skill accesses task files located in
~/.claude/daily-tasks/. This is local file access necessary for the skill's primary function. No evidence of data transmission to external servers or unauthorized access to sensitive system files was found. - [Command Execution] (SAFE): Uses the
catanddatecommands to retrieve file contents and timestamps. These commands are executed with system-provided date strings and do not include unsanitized user input in the shell execution context. - [Indirect Prompt Injection] (LOW): The skill reads from local JSON files that could theoretically contain malicious instructions. However, the logic is highly structured and uses the
disable-model-invocation: trueflag, which prevents the AI from dynamically interpreting content from the file as new instructions. 1. Ingestion points:~/.claude/daily-tasks/*.json2. Boundary markers: Not explicitly implemented. 3. Capability inventory: File reading, writing (via Write tool), and basic system command execution. 4. Sanitization: No explicit sanitization of JSON content, but logic is restricted to predefined fields.
Audit Metadata