daily-rhythm
Pass
Audited by Gen Agent Trust Hub on Apr 2, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires installing several well-known and trusted Python packages for interacting with Google and Stripe APIs, including `google-api-python-client` and `stripe`.
- [COMMAND_EXECUTION]: The documentation provides instructions for setting up system cron jobs to automate the generation of morning briefs and data synchronization. These commands are transparently disclosed and necessary for the core functionality of the skill.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it ingests untrusted data from external sources (Google Tasks titles/notes, Calendar events, and Stripe subscription data).
  - Ingestion points: Data is fetched via `sync-google-tasks.py` and `sync-stripe-arr.py` and stored in `memory/` JSON files.
  - Boundary markers: The provided scripts do not show any explicit delimiters or instructions to ignore embedded commands when processing this data into briefs.
  - Capability inventory: The skill performs file writes to the workspace and executes local scripts. It does not appear to use `eval()` or `exec()` on the fetched data.
  - Sanitization: No explicit sanitization or validation of the content within task titles or calendar events was found.
Audit Metadata