my-townhall-agency
Warn
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill dynamically generates Google Apps Script code (townhall/slides.gs) using an AI agent. This code is then programmatically executed within the user's Google Workspace environment via browser automation. Since the code is not static and is generated based on variable inputs, it represents a dynamic execution risk.
- [COMMAND_EXECUTION]: The skill utilizes Chrome automation to interact with the Apps Script editor. This automated sequence involves navigating the UI, pasting generated code, and triggering the 'run' command, which constitutes high-level automated command execution within a browser context.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests data from external sources to influence code generation.
  - Ingestion points: Reads content from local project and synchronization directories, specifically .claude/skills/my-context-sync/sync/, agent/projects/finance/, and financial_state.md.
  - Boundary markers: None. The prompts for the 'Researcher' and 'Designer' agents do not include delimiters or instructions to ignore embedded commands in the source data.
  - Capability inventory: Capability to write local files (DATA.md, OUTLINE.md, slides.gs), perform browser automation, and execute script logic within Google Slides.
  - Sanitization: No sanitization or validation of the data retrieved from the source files is performed before it is used to generate executable script code.
Audit Metadata