bujo
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through its processing of user-controlled markdown files during workflows such as Migration Review and Daily Reflection.
  - Ingestion points: The agent reads data from files within the bujo/daily/, bujo/monthly/, and bujo/collections/ directories.
  - Boundary markers: The instructions lack specific delimiters or warnings to ignore embedded instructions when reading from these files.
  - Capability inventory: The agent has the ability to create directories, create or update markdown files, and execute shell-based grep commands.
  - Sanitization: No explicit sanitization or validation of file content is performed before the agent acts upon the parsed data.
- [COMMAND_EXECUTION]: The skill uses the grep command to search for tasks and priorities across the bujo directory.
  - Evidence: The skill executes commands like 'grep -rn "- [ ]" bujo/' to find incomplete tasks. While limited to searching, this involves direct interaction with the host shell.