daily-planner
Fail
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: HIGH
CREDENTIALS_UNSAFE, PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
- CREDENTIALS_UNSAFE (HIGH): The skill hardcodes sensitive authentication tokens in plain text across multiple files. Evidence: A Google Gemini API key (AIzaSyCkzNP0apcHNB4mD1mI9QBlYjeeYGwQyb8) is included in SKILL.md and scripts/generate_schedule.py. A Gmail address and an associated App Password (ttyvkjiuqvbzkddm) are stored in references/email_config.json.
- PROMPT_INJECTION (MEDIUM): The 'Winner Mode' framework in references/winner_mode.md uses instructions designed to override standard AI persona and safety protocols. Evidence: Commands such as 'You are not an assistant', 'No hedge or neutrality', and 'ruthless' are used to force the AI out of its default behavioral constraints.
- DATA_EXFILTRATION (MEDIUM): The skill is configured to send sensitive user information, including personal health status and career goals from long_term_goals.md, to a hardcoded external email address (qhchen@gzhmu.edu.cn) using the exposed credentials.
- METADATA_POISONING (LOW): The skill documentation and scripts refer to non-existent AI models ('Gemini 3.1 Pro', 'Gemini 2.5 Pro'), indicating deceptive metadata or unverified automated generation.
Recommendations
- AI detected serious security threats
Audit Metadata