weekly-report-to-annual

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Findings: CREDENTIALS_UNSAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • CREDENTIALS_UNSAFE (LOW): The skill's fetch_emails script (defined in SKILL.md) requires an email address and password as arguments. Passing secrets as command-line arguments is a known security risk as they can be visible in process monitoring tools.
  • PROMPT_INJECTION (LOW): The skill is vulnerable to Indirect Prompt Injection (Category 8) because it processes external email data.
      • Ingestion points: fetch_emails.py (referenced in SKILL.md) retrieves content from external emails.
      • Boundary markers: Absent; the template does not specify delimiters or warnings to separate untrusted email content from agent instructions.
      • Capability inventory: save_report.py allows writing to the local filesystem.
      • Sanitization: No sanitization logic is present in the provided scripts to filter or escape malicious instructions within emails.
  • COMMAND_EXECUTION (LOW): The save_report.py script allows the agent to write arbitrary content to user-defined paths using Path.expanduser(). While restricted by system-level user permissions, this capability allows for arbitrary file creation or overwriting if the agent is misled.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 17, 2026, 06:43 PM