Skills
skills/taylorhuston/local-life-manager/refresh/Gen Agent Trust Hub

refresh

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • Indirect Prompt Injection (LOW): The skill ingests untrusted data from documentation and configuration files into the agent's context without any boundary markers or sanitization. The 'Silent operation' instruction further increases risk by preventing the user from reviewing the ingested content. \n
  • Ingestion points: shared/docs/**/*.md, CLAUDE.md, and JSON files in .claude/memories/. \n
  • Boundary markers: Absent; the skill explicitly forbids summarizing or listing the files read. \n
  • Capability inventory: Includes Bash (ls, date, git), Read, and Glob tools. \n
  • Sanitization: Absent. \n- Data Exposure (LOW): The skill accesses .claude/memories/about-taylor.md and git logs. These files contain user-specific profile data and repository history. Although accessed locally, they are introduced into the model's active context without explicit user confirmation per file. \n- Command Execution (SAFE): The use of Bash for date, ls, and git log is restricted to local metadata retrieval and is consistent with the skill's stated utility.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 17, 2026, 06:31 PM