tomorrow-plan-generator

Pass

Audited by Gen Agent Trust Hub on Jun 29, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: Vendor Resource Usage. The skill utilizes Model Context Protocol (MCP) services hosted on dashscope.aliyuncs.com. These are official Alibaba Cloud (aliyun) endpoints and are considered trusted resources for this author's skills.
  • [SAFE]: Indirect Prompt Injection Surface. The skill ingests untrusted data from the session context, specifically extraction of todo items and client lists from SKILL.md. No explicit boundary markers or sanitization routines are defined in the instructions. However, the capability inventory is limited to informational tools such as GetCurrentTime and GetTxnDayRange, which pose no significant risk of system compromise or data exfiltration.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 29, 2026, 06:40 AM
Security Audit — agent-trust-hub — tomorrow-plan-generator