visual-digest
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The workspace skills utilize standard CLI tools for development and synchronization tasks.
  - Evidence: `skylar-start-here/SKILL.md` executes `pnpm` and `git` commands; `github-sync/SKILL.md` uses the `gh` (GitHub) CLI.
- [EXTERNAL_DOWNLOADS]: Development setup and synchronization skills perform remote downloads from trusted registries and repositories.
  - Evidence: `skylar-start-here/SKILL.md` runs `pnpm install` and `git submodule update`. These target the official pnpm registry and the project's own submodules.
- [DATA_EXFILTRATION]: Various skills aggregate workspace data and transmit it to external productivity platforms. All destinations are well-known technology services.
  - Evidence: `notion-sync/SKILL.md` (Notion), `linear-sync/SKILL.md` (Linear), `activity-reporter/SKILL.md` (Slack, Gmail, HubSpot). These operations are neutral and serve the primary purpose of the workspace.
- [PROMPT_INJECTION]: The system processes untrusted data from external sources, which constitutes an indirect prompt injection surface.
  - Ingestion points: `activity-reporter/SKILL.md` processes content from Slack, Gmail, GitHub PRs, and Linear issues; `research-analyst/SKILL.md` analyzes call transcripts and research notes.
  - Boundary markers: The skills primarily use structured JSON output formats and clear section headers to demarcate untrusted data from instructions.
  - Capability inventory: The agent can execute commands (`gh`, `pnpm`, `git`) and perform network writes to Slack, Notion, Linear, and HubSpot.
  - Sanitization: Explicit sanitization or filtering logic for external content is not visible in the provided instruction files.
Audit Metadata