morning-brief
Pass
Audited by Gen Agent Trust Hub on Jun 22, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill defines a structured workflow for data aggregation and reporting. It follows a predictable template and does not perform any sensitive system operations.
- [COMMAND_EXECUTION]: While the skill mentions calling other skills like
focus-keeperandpipeline-manager, these are treated as internal agent functions and do not involve raw shell command execution or subprocess spawning. - [INDIRECT_PROMPT_INJECTION]: The skill processes data from potentially untrusted sources such as
outreach-feedback.jsonl(external responses) andpr-opportunities.json(found PR opportunities). - Ingestion points:
memory/outreach-feedback.jsonl,memory/pr-opportunities.json, andmemory/github-stars.json. - Boundary markers: Absent. The skill does not explicitly instruct the agent to ignore instructions embedded within these data sources.
- Capability inventory: The skill is limited to reading files and generating a text report. It performs logging to
autonomous-actions.jsonl, but has no network, file-deletion, or code execution capabilities. - Sanitization: Absent. Content is interpolated directly into the brief.
- Context: Because the output is a human-readable brief for a CEO and the skill lacks dangerous side-effect capabilities, this attack surface is considered low-risk and does not escalate the verdict.
Audit Metadata