AnnualReports

Pass

Audited by Gen Agent Trust Hub on Mar 17, 2026

Risk Level: SAFE
Flags: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill fetches report source data from a public GitHub repository via the UpdateSources.ts tool. It also downloads report content from various cybersecurity vendor websites using the FetchReport.ts tool to facilitate summarization and analysis.
  • [COMMAND_EXECUTION]: The skill executes internal logic using Bun-based TypeScript tools for fetching, listing, and updating its data sources.
  • [PROMPT_INJECTION]: The SKILL.md file contains instructions for the agent to load and apply instructions from a customization directory (~/.claude/skills/CORE/USER/SKILLCUSTOMIZATIONS/AnnualReports/), which allows external files to override default behavior.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it fetches and processes untrusted external report content.
  • Ingestion points: External report content fetched by Tools/FetchReport.ts and the upstream source list fetched by Tools/UpdateSources.ts.
  • Boundary markers: No explicit delimiters or instructions are used to prevent the agent from following commands embedded in fetched reports.
  • Capability inventory: The skill has network access (fetch), file system access (fs), and tool execution capabilities (bun run) across Tools/FetchReport.ts, Tools/UpdateSources.ts, and Tools/ListSources.ts.
  • Sanitization: The Tools/FetchReport.ts tool performs basic HTML tag stripping but lacks mechanisms to sanitize or validate the text content for potential malicious instructions.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 17, 2026, 12:20 PM