ljg-relationship
Pass
Audited by Gen Agent Trust Hub on Mar 27, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the shell command
date +%Y%m%dT%H%M%Sto generate timestamps for organizing personal notes. This is a benign utility operation. - [DATA_EXPOSURE]: Analysis results containing sensitive personal details are written to the local directory
~/Documents/notes/. The skill does not perform any network operations or external exfiltration, meaning data remains on the user's local machine. - [PROMPT_INJECTION]: The skill processes user-provided relationship descriptions to generate file names and report content. This constitutes a surface for indirect prompt injection (e.g., potential path traversal if user-provided keywords are not sanitized by the agent), but it is a low-risk vulnerability inherent to the skill's functional purpose of note generation.
Audit Metadata