secretary
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: Indirect Prompt Injection surface. The skill reads and processes user-controlled data from files within its management directory.
- Ingestion points: Files in the .secretary/ directory (e.g., CLAUDE.md, inbox/, and todos/).
- Boundary markers: Absent. No explicit delimiters or instructions to ignore embedded commands are present in the templates.
- Capability inventory: File system read, write, and directory creation (mkdir).
- Sanitization: Absent. The skill does not specify validation or sanitization of content before processing it.
- [COMMAND_EXECUTION]: The skill utilizes the shell command mkdir -p to establish its directory hierarchy during the automatic generation phase.
Audit Metadata