briefing
Pass
Audited by Gen Agent Trust Hub on Apr 18, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The `scripts/briefing_ctl.py` utility invokes the `briefing_run.py` script via `subprocess.run`. It uses a list of arguments for execution, which is a secure practice that mitigates shell command injection risks.
- [COMMAND_EXECUTION]: In `scripts/briefing_ctl.py`, the `cmd_history` function builds file paths using user-provided domain names without explicit validation. This could allow for limited path traversal when attempting to read history files, though the impact is restricted by a fixed file suffix.
- [PROMPT_INJECTION]: The skill architecture is susceptible to indirect prompt injection because it ingests data from external RSS feeds and APIs.
  - Ingestion points: Untrusted data from external sources is collected and stored in `domains/<name>/data/today_context.json`.
  - Boundary markers: The provided prompt templates (`generate_base.md`, `review_base.md`) do not include explicit delimiters or instructions to ignore embedded commands.
  - Capability inventory: The pipeline can execute shell commands via subprocesses and send emails to configured recipients.
  - Sanitization: There is no evidence of sanitization or validation of the external content before it is interpolated into LLM prompts.
Audit Metadata