daily-report
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill leverages local CLI tools including gh, jq, sed, and date to gather and format activity data.
- [EXTERNAL_DOWNLOADS]: The skill executes the acli tool via Nix (nix run nixpkgs#acli), which involves fetching the tool from the Nixpkgs registry.
- [DATA_EXFILTRATION]: The skill processes sensitive data from GitHub, Jira, and Slack. It requires the user to set environment variables for Slack authentication (SLACK_MCP_XOXC_TOKEN and SLACK_MCP_XOXD_TOKEN) to access meeting information from Slack DMs.
- [PROMPT_INJECTION]: The skill processes untrusted data from external platforms (GitHub, Jira, Slack) which could contain malicious instructions meant to influence the agent's behavior.
  - Ingestion points: GitHub activity summaries, Jira work items, and Slack message history are fetched via their respective APIs and CLIs.
  - Boundary markers: The skill does not implement technical delimiters for the fetched content within its scripts.
  - Capability inventory: The skill uses the gh CLI to create issues on GitHub.
  - Sanitization: No automated sanitization of fetched text is performed; however, the skill workflow explicitly requires the user to review and edit the draft report before it is published, acting as a manual verification gate.