daily-meeting-update
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION] (MEDIUM): The skill documentation describes automated execution of local CLI tools including `gh auth status`, `git`, and `jira`. While these are legitimate developer tools, the skill's reliance on shell command detection and execution creates a surface for command misuse if the agent's logic is subverted.
- [DATA_EXFILTRATION] (MEDIUM): The skill identifies and targets the `~/.claude/projects` directory to read `.jsonl` files containing Claude Code session history. This directory is highly sensitive as it contains uncommitted code, research, and internal logic. Accessing user home directory configuration/history files is a significant data exposure risk.
- [PROMPT_INJECTION] (LOW): The skill is vulnerable to Indirect Prompt Injection (Category 8). It ingests data from external, potentially attacker-controlled sources (GitHub Pull Requests, Git commits, and Jira tickets).
  - Ingestion points: GitHub PR titles/bodies, Git commit messages, Jira ticket summaries, and Claude session history.
  - Boundary markers: None mentioned in the documentation to distinguish between instruction and data.
  - Capability inventory: File system read (`~/.claude`), CLI execution (`gh`, `jira`, `git`), and network operations (via CLI tools).
  - Sanitization: No evidence of sanitization or filtering of the ingested content before it is processed by the LLM to generate the final Markdown update.
Audit Metadata