cja-executive-briefing

Pass

Audited by Gen Agent Trust Hub on Jun 14, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the system open command in Phase 7 to display the generated HTML briefing file to the user.
  • [EXTERNAL_DOWNLOADS]: The HTML template in Phase 6 references font and styling assets from Google's official font services (fonts.googleapis.com and fonts.gstatic.com).
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it processes external data from CJA and interpolates it into an HTML template.
  • Ingestion points: Data is ingested through describeCja (Phase 1) and runReport (Phases 3 and 4) tool calls.
  • Boundary markers: None are present in the HTML template or instructions.
  • Capability inventory: The skill can write files to the /tmp directory and execute the open command.
  • Sanitization: No explicit sanitization or escaping of the ingested API data is defined before interpolation into the HTML report.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 14, 2026, 11:50 PM
Security Audit — agent-trust-hub — cja-executive-briefing