collect-incomplete-tasks
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes content from local Markdown files, which serves as an ingestion point for indirect prompt injection. Maliciously crafted tasks in previous daily notes could potentially influence the agent's behavior during the summarization process.
- Ingestion points: Files located in the 'Calendar/Daily notes/' directory are read to extract tasks.
- Boundary markers: No explicit delimiters or instructions to ignore embedded commands are provided for the input data being processed.
- Capability inventory: Uses a 'Grep' tool to search and read local files, and has permission to write aggregated content to the user's current Daily note.
- Sanitization: There is no evidence of sanitization or content validation performed on the strings extracted from notes before they are aggregated and written to the destination file.
Audit Metadata