today
Pass
Audited by Gen Agent Trust Hub on Apr 6, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes dynamic context injection in the SKILL.md file to execute shell commands ('date' and 'ls') at load time. These commands are used to retrieve the current date and list recent daily notes to provide context for the workflow.
- [PROMPT_INJECTION]: The skill contains an indirect prompt injection attack surface in the 'Team Sync' phase where it ingests and processes external data provided by the user.
  - Ingestion points: Phase 2 interactive prompt where the user is asked to paste Slack threads, meeting notes, or other external updates.
  - Boundary markers: The instructions do not specify any delimiters or safety markers to isolate the untrusted content from the agent's instructions.
  - Capability inventory: The skill is allowed to use file system tools (Read, Write, Edit, Glob, Grep) and Task management tools.
  - Sanitization: No sanitization or validation logic is present; the skill relies on simple keyword detection to route content.
Audit Metadata