plan-my-day
Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill processes user-provided data such as calendar events and task lists to generate daily plans. While this represents a surface for indirect prompt injection, the risk is negligible as the skill lacks dangerous capabilities like network access or command execution.
- Ingestion points: The skill reads existing calendar events and previous tasks to gather context (SKILL.md).
- Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present.
- Capability inventory: No network operations, file writing, or subprocess execution capabilities are included in the skill.
- Sanitization: No explicit sanitization or validation of ingested calendar/task data is described.
- [NO_CODE]: The skill consists entirely of Markdown-based instructions and metadata. It does not include any Python, JavaScript, or shell scripts, significantly reducing its attack surface.
Audit Metadata