timecamp
Fail
Audited by Gen Agent Trust Hub on Feb 14, 2026
Risk Level: HIGH; EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (HIGH): The skill clones two external repositories (`timecamp-cli` and `good-enough-timecamp-data-pipeline`) from `github.com/timecamp-org`. This organization is not on the pre-approved Trusted External Sources list.
- [REMOTE_CODE_EXECUTION] (HIGH): The skill executes the downloaded code using `npm link` and `uv run --with-requirements requirements.txt`. This allows for arbitrary code execution from an untrusted external source.
- [COMMAND_EXECUTION] (MEDIUM): The skill frequently uses subprocess calls and shell commands to manage repositories, install dependencies, and run analytics pipelines.
- [INDIRECT_PROMPT_INJECTION] (HIGH):
  - Ingestion points: The skill ingests untrusted data from the TimeCamp API (entries, tasks, computer activities) via `dlt_fetch_timecamp.py` and processes it using DuckDB (SKILL.md).
  - Boundary markers: No boundary markers or instructions to ignore embedded commands are present in the processing logic.
  - Capability inventory: The skill possesses high-privilege capabilities including shell command execution (`git`, `npm`, `uv`, `duckdb`) and file system access.
  - Sanitization: There is no evidence of sanitization or filtering of the external TimeCamp content (such as entry notes or task names) before it is processed by the agent or the database.
Recommendations
- AI detected serious security threats
Audit Metadata