start-my-day
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
PROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill demonstrates a high-risk surface for indirect prompt injection by aggregating data from external and untrusted sources into its decision-making and file-writing workflow.
  - Ingestion points: The skill reads data from 10_Daily/, 20_Project/, and 00_Inbox/ files, and crucially ingests external content from the /ai-newsletters and /ai-products workflows.
  - Boundary markers: Absent. There are no instructions to use delimiters or ignore instructions embedded within the newsletter digests or project notes.
  - Capability inventory: The agent has the capability to write and update files in 10_Daily/ and 00_Inbox/, and it uses the ingested data to 'Analyze & Prioritize' next steps.
  - Sanitization: Absent. External content is directly interpolated into the daily log and used to determine priorities without validation.
- [Data Exposure] (LOW): The skill performs broad read operations across multiple directories including daily logs, project files, and inbox items. While consistent with the stated purpose of a daily planner, this level of access provides a significant target for data exposure if the agent is compromised via injection.
Recommendations
- AI detected serious security threats
Audit Metadata