good-morning
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Categories: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION] (HIGH): The skill is vulnerable to Indirect Prompt Injection (Category 8) because it ingests data from local files and uses it to drive agent logic.
  * Ingestion points: my-vault/02 Calendar/YYYY-MM-DD.md, my-vault/09 System/Templates/Daily Template.md, and .claude/learning-sessions/learning-plan.json.
  * Boundary markers: Absent; the skill does not use delimiters or instructions to ignore embedded instructions.
  * Capability inventory: Bash(gh:*), Write, and Edit allow for significant filesystem and remote impact.
  * Sanitization: None; the agent is directed to resolve template syntax and process file content directly.
- [COMMAND_EXECUTION] (MEDIUM): The skill uses Bash(gh:*) for GitHub CLI access. While intended for backfilling journal entries, this broad tool access could be exploited to exfiltrate sensitive journal data or manipulate remote repositories if the agent is influenced by malicious instructions found in the ingested files.
Recommendations
- AI detected serious security threats
Audit Metadata