Skills
skills/softaworks/agent-toolkit/daily-meeting-update/Gen Agent Trust Hub

daily-meeting-update

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION] (LOW): The skill relies on local CLI tools such as gh, git, and jira to retrieve activity data. While these are standard developer tools, their invocation constitutes a command execution surface.
  • [DATA_EXPOSURE] (LOW): The skill accesses ~/.claude/projects to read session history files. This involves reading local developer activity logs which, although intended for the skill's functionality, is a form of sensitive data access.
  • [PROMPT_INJECTION] (LOW): The skill has an indirect prompt injection surface due to its ingestion of external data from GitHub (PR titles, commits) and Jira (ticket summaries). Evidence Chain: 1. Ingestion points: Data from GitHub and Jira integrations. 2. Boundary markers: Not specified in the documentation. 3. Capability inventory: Execution of subprocesses via CLI tools. 4. Sanitization: No explicit mention of input sanitization for external strings.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 17, 2026, 04:34 PM