daily-standup
Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes local shell commands to retrieve developer activity and manage a local work log. Evidence includes the use of git, gh, cat, mkdir, and date as defined in SKILL.md and scripts/init-worklog.sh.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through the external data sources it processes. 1. Ingestion points: Processes git commit messages, GitHub PR metadata, and user-provided log entries from ~/.daily-worklog/current.md. 2. Boundary markers: No clear delimiters or safety instructions are used when interpolating these data sources into the report generation prompt. 3. Capability inventory: The agent has access to shell command execution (git, gh) and file system writes within the user's home directory. 4. Sanitization: There is no evidence of filtering or sanitizing the input data from git history or PRs before it is summarized.
Audit Metadata