spark-recipe-end-of-day
Pass
Audited by Gen Agent Trust Hub on Apr 30, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill performs automated retrieval of email and calendar metadata using the vendor's 'spark' command-line interface. These operations are limited to data retrieval and summarization, matching the skill's stated productivity purpose.
- [SAFE]: Indirect Prompt Injection Surface: The skill processes external data from emails and calendar events. While this is an attack surface, the risk is mitigated by the skill's read-only nature and lack of exploitable capabilities such as file writing or network requests.
- Ingestion points: Results from 'spark emails' and 'spark events' commands.
- Boundary markers: None present.
- Capability inventory: Restricted to data retrieval and summarization; no subprocess execution (beyond the spark tool), file modification, or network operations found.
- Sanitization: No content filtering or sanitization of email/calendar data is performed.
Audit Metadata