weekly-review

Warn

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: MEDIUM
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • Indirect Prompt Injection (MEDIUM): The skill ingests untrusted data from GitHub commit messages and local journal files. An attacker could craft a commit message that, when summarized, influences the agent's behavior during the review process.
  • Ingestion points: GitHub commit logs (via gh tool), journal entries in my-vault/, and project worklogs.
  • Boundary markers: Absent. The skill does not use delimiters or instructions to ignore embedded commands in the data it reads.
  • Capability inventory: Write, Edit, and restricted Bash. The agent can modify notes and memory files based on what it reads.
  • Sanitization: None. Data is read and summarized directly into the context.
  • Command Execution (LOW): The skill utilizes the Bash tool to perform date calculations and fetch GitHub data. Security risk is mitigated by the allowed-tools metadata which restricts bash usage to the gh and date binaries only, preventing arbitrary shell command injection.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 16, 2026, 04:33 AM