daily-summary
Warn
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a local shell script located at ~/.claude/scripts/daily-summary.sh. The specific behavior and safety of this script cannot be verified as its source code is not included in the skill definition.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection through the processing of untrusted external data.
  - Ingestion points: Data is ingested from /tmp/daily-summary.json, which contains information gathered from external repositories (PR titles, issue comments, and commit messages).
  - Boundary markers: The instructions lack any delimiters or "ignore embedded instructions" warnings to prevent the AI from obeying malicious commands hidden in the ingested activity data.
  - Capability inventory: The agent has permissions to execute local shell scripts and perform file system write operations in the user's home directory (~/code/claude-log/).
  - Sanitization: There is no evidence of sanitization, escaping, or schema validation for the data returned by the helper script before it is processed by the agent.
Audit Metadata