standup
Warn
Audited by Gen Agent Trust Hub on Apr 21, 2026
Risk Level: MEDIUMDATA_EXFILTRATIONCOMMAND_EXECUTIONPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [DATA_EXFILTRATION]: The skill retrieves personal location history from a remote repository ("laris-co/nat-location-data") to display the user's current location based on device tracking data.
- [DATA_EXFILTRATION]: The skill aggregates potentially sensitive data from the user's private "vault" (including focus documents, schedules, and retrospectives) and posts it as a comment to a shared GitHub Discussion repository ("laris-co/pulse-oracle").
- [PROMPT_INJECTION]: The skill processes untrusted external data from LINE messaging groups to extract appointments. Maliciously crafted messages in these groups could attempt to influence the agent's behavior during the summary generation or scheduling phase.
- Ingestion points: Output from the
line_digesttool in Step 7. - Boundary markers: Absent; the content is processed directly for date/time patterns without encapsulation or instructions to ignore embedded commands.
- Capability inventory:
gh api(write access to discussions),arra_schedule_add(calendar modification), and filesystem read access. - Sanitization: No evidence of sanitization or filtering for the external message content before it is incorporated into the standup body.
- [COMMAND_EXECUTION]: The skill executes multiple shell commands to interact with the filesystem (
cat,ls,readlink) and process data (grep,sed,cut,base64). - [EXTERNAL_DOWNLOADS]: The skill performs network operations using the GitHub CLI (
gh api) to fetch data from and post data to repositories outside of the author's identified vendor namespace.
Audit Metadata