Skills
skills/psycho-baller/ai-agents-config/letterly-automation/Gen Agent Trust Hub

letterly-automation

Pass

Audited by Gen Agent Trust Hub on Feb 26, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The scripts/workflow.py script orchestrates the automation by using subprocess.run to execute exporter.py, processor.py, and linker.py as separate Python processes.\n- [EXTERNAL_DOWNLOADS]: The scripts/exporter.py script utilizes Playwright to automate the download of a CSV export from web.letterly.app. This is the intended primary function of the skill.\n- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it processes external transcription data.\n
  • Ingestion points: scripts/processor.py reads transcription text and titles from the downloaded CSV files.\n
  • Boundary markers: The transcription content is wrapped in standard Markdown frontmatter but lacks explicit 'ignore instructions' delimiters for the body text.\n
  • Capability inventory: The skill has the ability to read the local .nexus/cache.db database, write/move files within the vault, and interact with external websites via an automated browser.\n
  • Sanitization: Filenames are sanitized using regex in scripts/processor.py, but the transcription content itself is not sanitized or escaped before being written to the vault.\n- [DATA_EXPOSURE]: The scripts/linker.py script reads from a local SQLite database (.nexus/cache.db) to retrieve note metadata and embeddings for semantic linking.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 26, 2026, 01:30 PM