team-collaboration-standup-notes
Warn
Audited by Gen Agent Trust Hub on Apr 14, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The implementation-playbook.md file provides patterns and a bash script for executing several CLI tools, including git, jira, and slack-cli, to orchestrate the collection and distribution of team updates.
- [DATA_EXFILTRATION]: The skill is designed to read sensitive local information from the user's Git commit history and Obsidian vault, which is then processed and transmitted to external communication platforms. While this behavior is tied to the primary skill purpose, it represents a substantial data exposure surface.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted content from external sources.
  1. Ingestion points: Git commit messages, Jira ticket titles, Obsidian daily notes, and calendar events.
  2. Boundary markers: Absent; the provided implementation examples do not use delimiters or instructions to ignore nested commands within the context.
  3. Capability inventory: The orchestration logic employs shell command execution, network access via service-specific CLIs, and broad local file system access.
  4. Sanitization: None detected; the system relies on direct interpolation of raw data into AI summarization prompts.