daily-unblock
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION] (SAFE): The skill uses the
catcommand to access its data directory in~/.claude/daily-tasks/. This operation is consistent with its stated purpose and is limited to its own configuration path. - [PROMPT_INJECTION] (LOW): An indirect prompt injection surface was identified.
- Ingestion points: The skill reads data from JSON files in the
~/.claude/daily-tasks/directory, which may contain untrusted summaries or descriptions. - Boundary markers: No explicit delimiters or instructions are provided to the agent to ignore instructions embedded within the task file content.
- Capability inventory: The skill has the ability to read local files and use a 'Write tool' to modify the file system.
- Sanitization: Data from the JSON files, such as task summaries and Jira keys, is used directly without sanitization or escaping before being displayed or processed for status updates.
Audit Metadata