assistant
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill executes local commands such as 'git log', 'gh pr list', and 'find' to extract activity data for standups and summaries.- [DATA_EXPOSURE]: Reads local Git history and project files, as well as external Obsidian notes through the Model Context Protocol (MCP), to align work with defined career goals.- [PROMPT_INJECTION]: As an indirect injection surface, the skill processes untrusted input from commit messages, PR descriptions, and notes. (1) Ingestion: Git logs, GitHub PR data, and Obsidian notes. (2) Boundary markers: Not present. (3) Capability inventory: Executes Git/GH CLI tools and writes to local JSON files in the '.claude/' directory. (4) Sanitization: None identified. The risk remains low as it is limited to text generation and local context management.- [EXTERNAL_DOWNLOADS]: Recommends installation of modular plugins from the author 'kriscard', which are considered vendor resources and part of the intended orchestration functionality.
Audit Metadata