Skills
skills/jackchuka/skills/p-daily-reflection/Gen Agent Trust Hub

p-daily-reflection

Warn

Audited by Gen Agent Trust Hub on Apr 15, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION]: The skill accesses the local Claude history file and external communication platforms (Slack, Fireflies). Reading local history and private messages constitutes sensitive data exposure, although this access is required for the skill's primary function of generating reflections.
  • [COMMAND_EXECUTION]: The skill executes shell commands using the gh CLI and a bundled Python script. User-supplied arguments for --since and --days are interpolated into these commands as REFLECT_START and REFLECT_END variables. This presents a potential command injection surface if the agent fails to validate that the inputs are strictly date-formatted strings.
  • [PROMPT_INJECTION]: The skill processes untrusted data from external sources including Slack messages, meeting summaries, and GitHub commit descriptions. This creates a surface for indirect prompt injection, where instructions hidden in those external data sources could manipulate the AI's analysis or the action items it generates.
  • Ingestion points: Slack search results, Fireflies meeting transcripts, and GitHub API responses (file: references/agent-gather-slack.md, references/agent-gather-fireflies.md, references/agent-gather-github.md).
  • Boundary markers: No explicit delimiters or instructions to ignore embedded prompts are used when aggregating external data.
  • Capability inventory: File writing (SKILL.md Steps 4 and 5), command execution via gh and local Python scripts.
  • Sanitization: No visible sanitization or validation of the content fetched from external APIs before it is passed to the analysis lenses.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Apr 15, 2026, 02:44 AM