today
Warn
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- Persistence Mechanisms (MEDIUM): The skill instructs the user to set up a cron job (
crontab -e) to execute a local script (daily_today.sh) on a schedule. Although this is documented functionality for its automation features, setting up persistent execution paths is a sensitive system modification. - Indirect Prompt Injection (LOW): The skill processes potentially untrusted data from several sources, which could contain malicious instructions designed to influence the agent's summary or behavior.
- Ingestion points: Git commit messages (from the last 24h),
TODO.md,TASKS.md, and files withinspecs/modules/. - Boundary markers: Absent; the summary templates do not include delimiters or warnings to ignore instructions within the ingested text.
- Capability inventory: The skill writes to the file system (
logs/daily/) and facilitates command execution via the recommended cron setup. - Sanitization: None; the instructions do not specify any validation or escaping for the content extracted from git logs or task files.
- Command Execution (LOW): The skill directs the user to perform shell operations, specifically changing file permissions (
chmod +x) and modifying the system crontab, to enable its core features.
Audit Metadata