morning-briefing
Warn
Audited by Gen Agent Trust Hub on Apr 2, 2026
Risk Level: MEDIUMDATA_EXFILTRATIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: Accesses a sensitive local file path at
~/.config/notion/api_keyto retrieve the user's Notion API key. While this is necessary for the skill's primary functionality, accessing credential files in the home directory is a sensitive operation. - [COMMAND_EXECUTION]: Executes shell commands including
remindctl,curl, andjqin thescripts/generate-briefing.shfile to aggregate and process data. - [DATA_EXFILTRATION]: Communicates with the external Notion API (
api.notion.com) to retrieve task data. This is a well-known service, and the operation is consistent with the skill's stated purpose. - [PROMPT_INJECTION]: The skill ingests untrusted data from Apple Reminders and Notion, which provides a surface for indirect prompt injection.
- Ingestion points: The script
scripts/generate-briefing.shreads data from the output ofremindctland the JSON response from the Notion API. - Boundary markers: Absent; the ingested data is not delimited or wrapped in instructions to prevent the agent from following embedded commands.
- Capability inventory: The skill has access to shell execution and network operations through
scripts/generate-briefing.sh. - Sanitization: Absent; the script performs basic formatting using
awkandjqbut does not sanitize or escape content to prevent malicious instructions from influencing the agent's logic.
Audit Metadata