daily-task-prep
Pass
Audited by Gen Agent Trust Hub on Apr 15, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection as it retrieves and processes untrusted data from meeting attendee context and calendar entries.
- Ingestion points: Untrusted data enters the context via
get_pageandget_timelinewhen loading attendee brain pages and recent timeline entries in Phase 1 and Phase 2. - Boundary markers: The prompt template does not use specific delimiters or instructions to treat external data as untrusted or to ignore embedded instructions.
- Capability inventory: The skill is restricted to read-only operations (
search,query,get_page,list_pages,get_timeline) and is explicitly marked as non-mutating, which mitigates the impact of potential injection. - Sanitization: No sanitization or validation of retrieved content is performed before it is interpolated into the final briefing output.
Audit Metadata