fukugyo-timecard
Warn
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: MEDIUM
Findings: DATA_EXFILTRATION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The skill accesses the user's Chrome browsing history to complement work logs. Browser history is a sensitive data source that reveals private browsing habits, internal URLs, and metadata about user activities.
- [COMMAND_EXECUTION]: The skill executes a local Python script `scripts/timecard.py` and passes data retrieved from Slack via the `FUKUGYO_SLACK_DATA` environment variable. This pattern is vulnerable to command injection or shell-based attacks if the external data from Slack contains malicious payloads and is not strictly sanitized before being placed into the environment.
- [PROMPT_INJECTION]: The skill has an indirect prompt injection surface as it ingests untrusted data from Slack messages using the `slack_get_channel_history` tool. This data is then used to determine check-in and check-out times. Ingestion points: Slack messages from specified channels. Boundary markers: None used to isolate Slack data from script logic. Capability inventory: Accesses sensitive local files (Chrome DB) and executes subprocesses (Python). Sanitization: No evidence of sanitization or input validation for message content before processing.
Audit Metadata