team-collaboration-standup-notes
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it interpolates untrusted data from multiple sources into a prompt for AI summarization.
  - Ingestion points: Untrusted data is retrieved from Git commit messages, Jira ticket titles/comments, and Obsidian vault notes as described in resources/implementation-playbook.md.
  - Boundary markers: The AI prompt template in resources/implementation-playbook.md lacks delimiters or explicit instructions to prevent the model from following commands embedded within the ingested data.
  - Capability inventory: The skill references capabilities to read local files via Obsidian MCP, execute shell commands (git, jira), and send updates via slack-cli.
  - Sanitization: There is no evidence of input validation or sanitization before the data is passed to the AI model for processing.
- [COMMAND_EXECUTION]: The implementation playbook provides a shell script template that executes various system CLI tools to gather and report data.
  - Evidence: The bash script in resources/implementation-playbook.md executes git log, jira-cli, and slack-cli to perform its data orchestration tasks.
Audit Metadata