vault-closeday
Pass
Audited by Gen Agent Trust Hub on Feb 25, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: Executes the GitHub CLI (gh) to fetch commit history. This is a legitimate use of a tool associated with a well-known service for the skill's primary purpose.
- [PROMPT_INJECTION]: The skill processes data from GitHub commit messages and user brain dumps. 1. Ingestion points: GitHub API responses and user input. 2. Boundary markers: No specific delimiters are used to wrap external content. 3. Capability inventory: Appends content to local markdown files in the user's vault. 4. Sanitization: No explicit sanitization or filtering is applied to external data before interpolation.
Audit Metadata