daily-standby
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFE
Full Analysis
- COMMAND_EXECUTION (SAFE): The skill executes a local shell command
cat ~/.claude/daily-tasks/$(date +%Y-%m-%d).jsonto retrieve task data. The path is constrained to a specific sub-directory and uses a system-generated date for the filename, minimizing injection risks. - DATA_EXPOSURE & EXFILTRATION (SAFE): While the skill accesses files within a hidden directory in the user's home folder (~/.claude/), the access is localized to task management data. There are no network operations (curl, wget, or fetch) that would indicate data exfiltration.
- INDIRECT PROMPT INJECTION (LOW): The skill ingests untrusted data from a JSON file and user-provided arguments (the 'reason' for standby).
- Ingestion points: ~/.claude/daily-tasks/*.json.
- Boundary markers: None explicitly mentioned in the instructions for the JSON parsing.
- Capability inventory: Uses
catfor reading and an internal 'Write tool' for updating files. - Sanitization: No explicit sanitization of the 'reason' string is mentioned before it is written back to the JSON or displayed to the user. While this is a potential surface for indirect injection if other tools read this data, the current skill's capabilities are limited and do not pose a high risk.
Audit Metadata