intelligems-morning-brief

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • Persistence Mechanisms (HIGH): The skill establishes persistence on the host system by creating a macOS LaunchAgent in Step 5.4. This allows scripts to run automatically without user intervention.
    • Evidence: SKILL.md Step 5.4 calls setup_automation.sh which is described as creating a macOS LaunchAgent.
  • Indirect Prompt Injection (MEDIUM): The skill prompts the user for a Slack Webhook URL and interpolates it directly into shell commands. This creates a vulnerability where malicious input could lead to command injection.
    • Ingestion points: User prompt for Slack Webhook URL in Step 5.
    • Boundary markers: Absent. The input is wrapped in double quotes in the script but not sanitized.
    • Capability inventory: Shell execution (bash, python3), file system modification (cp, echo).
    • Sanitization: Absent.
  • Data Exposure (LOW): The skill stores and reads the INTELLIGEMS_API_KEY in a plaintext .env file. While local, this exposes credentials to any process with read access to the directory.
    • Evidence: SKILL.md Step 1.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 16, 2026, 04:02 AM