daily-briefing-builder
Pass
Audited by Gen Agent Trust Hub on Apr 4, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute a series of shell commands (bash, awk, find, grep, etc.) to read local files and fetch data. This creates a potential surface for command injection if the user-provided 'vault_path' or 'city' inputs are not properly sanitized by the agent before being inserted into the script templates (e.g., within the PHASE 2 bash scripts in SKILL.md).
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes content from external markdown files located in the user's vault. Malicious instructions embedded in these files could attempt to influence the agent's briefing output or subsequent actions.
  - Ingestion points: Processes content from daily-actions markdown files and files in the ready-to-post directory as described in both SKILL.md and SKILL-OC.md.
  - Boundary markers: The instructions do not define specific delimiters or instructions to ignore embedded commands in the source files before the agent processes them.
  - Capability inventory: The agent utilizes the bash tool for command execution and curl for network requests.
  - Sanitization: There is no explicit requirement for the agent to sanitize or filter the file content before including it in the final briefing output.
- [EXTERNAL_DOWNLOADS]: The skill fetches weather information from the well-known wttr.in service using curl. This involves sending a user-provided city string to an external domain.