automation
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
- [PROMPT_INJECTION]: Indirect Prompt Injection Surface. The skill ingests data from external sources including Slack messages (references/meeting-notes.md), Jira tickets (references/weekly-report.md), and Confluence pages (references/custom-workflow.md). There are no explicit instructions or delimiters mentioned to sanitize this data, which could allow maliciously crafted external content to influence the agent's logic during report summarization or the generation of new skills.
- [COMMAND_EXECUTION]: Dynamic Skill Generation. In Phase 3 (SKILL.md), the agent generates and saves new instruction files (SKILL.md) to the skills/ directory based on user requirements and retrieved data. This runtime assembly of executable instructions is a core feature for building custom automations but remains a security surface, as it modifies the agent's available toolset based on session-derived content.
- [DATA_EXFILTRATION]: Local State Access. The skill reads and writes to a local configuration file at ~/.claude/skills/smilegate-ai-tools/state.json to manage tool connectivity status and automation progress. This is handled as internal state management for the 'smilegate-ai-tools' suite.
Audit Metadata