daily-briefing-hub

Warn

Audited by Gen Agent Trust Hub on Feb 19, 2026

Risk Level: MEDIUM
DATA_EXFILTRATION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [Data Exposure & Exfiltration] (MEDIUM): The skill is designed to aggregate and transmit highly sensitive, cross-platform information.
      • Evidence: Accesses Google Calendar events, Gmail/Outlook highlights, GitHub PR/CI status, and local task files.
      • Destination: Transmits aggregated sensitive data to external third-party platforms including Telegram, Slack, WhatsApp, and Discord.
      • Severity Note: Although this is the intended purpose, the aggregation of diverse sensitive data into a single outgoing stream increases the impact of any potential data leak or unauthorized access.
  • [Persistence Mechanisms] (MEDIUM): The skill implements automated and recurring execution of its logic.
      • Evidence: Instructs the agent to configure cron jobs (e.g., 0 7 * * 1-5) via the OpenClaw cron system to deliver briefings automatically.
      • Severity Note: Persistence is a primary feature for a briefing tool, but it ensures that the agent's data-gathering and transmission capabilities remain active across sessions.
  • [Indirect Prompt Injection] (LOW): The skill has a high attack surface for indirect injection as it processes content from untrusted sources.
      • Ingestion points: Gmail unread message summaries, GitHub PR comments, and RSS news feeds.
      • Boundary markers: Absent. There are no instructions to the agent to treat external content as untrusted or to ignore embedded instructions within these sources.
      • Capability inventory: Network transmission to external messaging webhooks and reading local configuration/task files.
      • Sanitization: Absent. The skill does not define any sanitization or validation logic for the content pulled from external sources before it is processed by the LLM.
  • [Command Execution] (LOW): The skill utilizes command-line tools and network operations for data retrieval.
      • Evidence: Uses curl to fetch weather data from public APIs and utilizes gh (GitHub CLI) and gog (Google CLI) for data access.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Feb 19, 2026, 09:36 PM