daily-briefing
Pass
Audited by Gen Agent Trust Hub on Apr 13, 2026
Risk Level: SAFENO_CODEPROMPT_INJECTIONDATA_EXFILTRATION
Full Analysis
- [SAFE]: The skill serves its stated purpose of generating business briefings without any detected malicious patterns or unauthorized activities.
- [NO_CODE]: The skill consists entirely of instructional markdown without accompanying scripts, binaries, or executable code, which significantly reduces the attack surface.
- [PROMPT_INJECTION]: The skill processes untrusted external content from news sources and competitor updates. Ingestion points: Fetches industry news from platforms like Naver, WSJ, and Bloomberg. Boundary markers: Absent; no instructions are provided to the agent to ignore potentially malicious directives within the fetched articles. Capability inventory: Ability to write markdown reports to the .moai/briefings/ directory. Sanitization: Absent; the skill does not specify filtering or validation for gathered content.
- [DATA_EXFILTRATION]: Accessing .moai/config.json and writing to .moai/briefings/ are standard behaviors for this skill and align with the expected vendor resource patterns for 'modu-ai'.
Audit Metadata