daily-planner
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted data from multiple external platforms, creating a potential surface for indirect prompt injection.
- Ingestion points: External data enters the agent context via Google Calendar (GOOGLESUPER_LIST_EVENTS), Google Tasks (GOOGLESUPER_LIST_ALL_TASKS), Slack history (SLACK_FETCH_CONVERSATION_HISTORY), and Linear issues (LINEAR_SEARCH_ISSUES).
- Boundary markers: The skill instructions do not specify delimiters or 'ignore embedded instructions' warnings for the data ingested from these sources.
- Capability inventory: The skill possesses capabilities that could be targeted, including creating calendar events (GOOGLESUPER_CREATE_EVENT), updating tasks (GOOGLESUPER_UPDATE_TASK), and writing to the local filesystem (today.md).
- Sanitization: No explicit sanitization or validation logic is defined to prevent instructions embedded in external data from being processed as agent commands.
Audit Metadata