daily-briefing
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface through its ingestion of external data.
- Ingestion points: Processes data from 'News Topics' (via web search) and external files like 'TODO.md' as specified in SKILL.md.
- Boundary markers: The instructions lack clear delimiters or prompt boundaries to isolate untrusted data from system instructions.
- Capability inventory: The agent has the capability to read local workspace files, perform web searches, and send messages to external messaging APIs.
- Sanitization: No explicit sanitization or content validation mechanisms are present for the processed external data.
- [COMMAND_EXECUTION]: The skill requires the execution of scheduling commands to enable proactive features.
- Evidence: Instructions in SKILL.md direct the user to use the /cron command to register the briefing task within the agent's environment.
- [DATA_EXFILTRATION]: The skill's primary function involves sending internal data to external services.
- Evidence: It aggregates calendar details and priority tasks (sourced from local memory files) and transmits them to external messaging platforms such as Telegram or Discord.
Audit Metadata