diary
Pass
Audited by Gen Agent Trust Hub on Apr 28, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill executes local Python scripts (
fetch_diaries.py,prepare_context.py,master_diary_sync.py) and theqmdCLI tool via subprocess calls. These operations are intended for the skill's core functionality of managing and indexing diary entries within the user's project environment. - [DATA_EXFILTRATION]: The
sync_to_notion.pyscript transmits processed diary content to the official Notion API (api.notion.com). This behavior is consistent with the skill's stated purpose of cloud synchronization. Sensitive credentials (Notion token) are securely managed via user-defined environment variables. - [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection as it ingests untrusted data from project files such as
README.mdanddiary/*.md(ingestion points). These inputs are processed by the agent during the fusion and extraction steps without explicit boundary markers or sanitization. However, the risk is low as the agent uses this data within a highly structured workflow restricted to logging and summarization. The skill maintains capabilities including file writes, command execution, and network synchronization to Notion.
Audit Metadata