commitment-scan

Pass

Audited by Gen Agent Trust Hub on May 16, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill relies on an external dependency, the commitment-detection MCP server, which is required for scanning and processing commitments.
  • [DATA_EXFILTRATION]: The skill can send usage data to an external service via the track_event tool. It states that this occurs only if the user has opted in to analytics, but it remains a path for data to leave the local environment.
  • [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection because it ingests and processes untrusted text from external applications like Slack, Gmail, and Teams.
      - Ingestion points: Screen data is captured and processed via the scan_for_commitments function.
      - Boundary markers: The skill does not define specific delimiters or instructions to ignore potential commands embedded in the captured text.
      - Capability inventory: The agent has capabilities to create tasks (create_task), track usage (track_event), and modify commitment states (process_commitment).
      - Sanitization: There is no evidence of sanitization or filtering of the captured screen content before it is presented to the LLM.
  • [COMMAND_EXECUTION]: The documentation instructs users to execute shell commands such as screenpipe, pgrep, and curl for service management and troubleshooting.
Audit Metadata
Risk Level: SAFE
Analyzed: May 16, 2026, 07:14 PM