Skills
skills/0froq/skills/start-my-week/Gen Agent Trust Hub

start-my-week

Pass

Audited by Gen Agent Trust Hub on Apr 3, 2026

Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes the 'simple-git' library to interact with the local repository, performing operations such as adding files and creating commits within the project workspace.
  • [DATA_EXFILTRATION]: The skill is designed to synchronize local planning documents with a remote Git repository using 'git push'. This involves transmitting user-generated content from the 'docs/' directory to the configured 'origin' remote.
  • [PROMPT_INJECTION]: The skill identifies and processes 'status signals' from user-created markdown files located in 'docs/corpus/'. This data ingestion surface presents a minor risk for indirect prompt injection if the source files contain adversarial instructions.
  • Ingestion points: reads from docs/corpus/**/*.md and docs/dashboard/visions/ via the readContext and readCorpusSignals functions.
  • Boundary markers: Uses specific YAML markers # AI-WEEK-PLAN-START and # AI-WEEK-PLAN-END to delineate generated content.
  • Capability inventory: File system write access via writeFileSync to docs/dashboard/ and network capability via simple-git push.
  • Sanitization: Lacks explicit sanitization of text ingested from the corpus before it is processed by the assistant for summary generation.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 3, 2026, 07:59 AM