planning-coaching
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill relies on a local command runner ('just') located in the user's home directory (
/home/imalison/org/justfile) to interact with a task management system. It executes various subcommands to create, update, and complete tasks. - [DATA_EXFILTRATION]: The skill accesses and modifies personal data in the user's home directory (
/home/imalison/org/planning/), including context files about the user's life and daily journals. While this involves sensitive personal information, it is the primary purpose of the skill. - [PROMPT_INJECTION]: An indirect prompt injection surface exists because the skill is instructed to read content from user-controlled files (
context.organd daily journals) at the start of every session without sanitization. - Ingestion points:
/home/imalison/org/planning/context.org,/home/imalison/org/planning/dailies/YYYY-MM-DD.org - Boundary markers: Absent; the skill is directed to read these files directly into context.
- Capability inventory: The skill can execute local commands (
just), write/append to files, and modify task states. - Sanitization: Absent; no validation or filtering is applied to the content of the persistent files.
Audit Metadata