person-dossier
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The workflow involves executing several system commands using the
joelclaw,granola, andsecretsCLI utilities to manage sessions and fetch data. - [DATA_EXFILTRATION]: The skill accesses highly sensitive personal data, including email threads, meeting transcripts, and API tokens (
front_api_token), which are then used to build dossiers stored locally. - [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection attack surface by processing data from untrusted external sources.
- Ingestion points: Ingests raw content from email threads via
joelclaw email readand meeting transcripts viagranola meeting --transcript. - Boundary markers: The agent lacks explicit boundary markers or instructions to treat fetched communication content as data rather than instructions.
- Capability inventory: The agent has extensive capabilities including shell command execution, credential leasing, and local file system write access.
- Sanitization: No sanitization or filtering logic is provided to validate the content of processed emails or transcripts against malicious instructions.
Audit Metadata