devpilot-daily-toolkit
Pass
Audited by Gen Agent Trust Hub on May 2, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The script `scripts/github_daily_report.py` executes the `gh` (GitHub) CLI using `subprocess.run`. This is an intended function of the skill to retrieve repository data (commits, pull requests, issues) for the authenticated user. The arguments are constructed using internal logic with specific JSON queries, which prevents arbitrary command injection.
- [EXTERNAL_DOWNLOADS]: The skill performs several legitimate network requests to populate its data:
  - Fetches real-time exchange rates from `cdn.moneyconvert.net` in `scripts/get_rate.py`.
  - Retrieves New Zealand public holiday information from the Nager.Date API at `date.nager.at` in `scripts/get_holidays.py`.
  - Aggregates news headlines and summaries from reputable RSS feeds (e.g., TechCrunch, BBC, MIT Technology Review) and well-known aggregators like `rsshub.app` in `scripts/fetch_news.py`.
- [PROMPT_INJECTION]: An indirect prompt injection surface is present because the skill ingests and processes untrusted external data.
  - Ingestion points: `scripts/fetch_news.py` (external RSS feeds) and `scripts/github_daily_report.py` (GitHub commit messages and issue titles).
  - Boundary markers: None. The skill assembles the raw text from these sources for the agent to translate and summarize without explicit delimiters to isolate untrusted content.
  - Capability inventory: The skill can execute the `gh` CLI via `subprocess.run` to read data from the user's GitHub account.
  - Sanitization: `scripts/fetch_news.py` performs basic HTML tag removal using regex before processing the text.
  - Assessment: The risk is minimal as the ingested data (news and commit logs) is formatted for human reading and the agent is instructed to perform a specific translation and summarization task.
Audit Metadata