builder

Pass

Audited by Gen Agent Trust Hub on Mar 21, 2026

Risk Level: SAFE
COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [DATA_EXPOSURE]: The skill includes code examples that reference accessing sensitive local credential files.
    • Evidence: Reference to credentials.json in SKILL.md for Google Calendar API authentication within the automation script pattern.
  • [COMMAND_EXECUTION]: The skill is configured to generate and execute arbitrary scripts and deployment commands.
    • Evidence: Instructions encourage running generated scripts (e.g., python standup.py) and utilizing CLI tools like gh-pages, netlify, and vercel for static site deployment.
    • Note: Deployment targets (GitHub, Netlify, Vercel) are recognized well-known services.
  • [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection due to processing untrusted data with high-privilege tool access.
    • Ingestion points: Processes data from Google Calendar events, BigQuery analysis results, SQL databases, and CSV files as specified in the 'Data-to-Deck Pipeline' and examples.
    • Boundary markers: No explicit delimiters or instructions to ignore instructions embedded in the ingested data are defined.
    • Capability inventory: The skill uses Write, Edit, and Bash (npm/node) which allow for the creation and execution of scripts based on ingested content.
    • Sanitization: There is no mention of sanitization or validation of external data before it is processed or used in code generation.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 21, 2026, 11:28 PM