morning-briefing
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection as it ingests and processes untrusted data from external sources to generate the briefing.
- Ingestion points: Fetches unread emails via Gmail (Step 3), calendar events via Google Calendar (Step 2), and news via web search (Step 4).
- Boundary markers: Absent. The briefing composition instructions in Step 5 do not provide delimiters or 'ignore' instructions to the model regarding content found within the fetched data.
- Capability inventory: The skill has the capability to send emails and SMS messages to the user and to execute a local Python script for database queries.
- Sanitization: Absent. The skill does not perform any validation or sanitization on the text retrieved from emails or search results before including it in the final delivery.
Audit Metadata