personal-standup-prep
Pass
Audited by Gen Agent Trust Hub on Mar 2, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSNO_CODEPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill references the One Horizon MCP for data retrieval, which is a resource owned by the vendor onehorizonai.
- [SAFE]: No malicious patterns, hardcoded credentials, or unauthorized system access commands were detected. The skill utilizes the developer's own infrastructure.
- [NO_CODE]: The skill consists exclusively of markdown instructions and metadata, with no scripts or binaries included.
- [PROMPT_INJECTION]: The skill processes external task data (completed tasks, initiatives, blockers), creating a vulnerability surface for indirect prompt injection. 1. Ingestion points: External data enters through tool parameters in the SKILL.md instructions. 2. Boundary markers: No delimiters are specified to isolate external data from instructions. 3. Capability inventory: No dangerous capabilities like shell access or file writing are defined. 4. Sanitization: No input validation or filtering is described.
Audit Metadata