univer-worklog-auto

Pass

Audited by Gen Agent Trust Hub on May 20, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill is instructed to "bootstrap Univer dependencies if missing", which implies the execution of shell commands to set up the environment or install necessary software packages.- [PROMPT_INJECTION]: The skill identifies an indirect prompt injection surface because it processes untrusted data from multiple external sources to generate worklog summaries.
  • Ingestion points: External evidence is collected from Git, GitHub, Codex, and workbuddy as described in SKILL.md.
  • Boundary markers: No delimiters or "ignore embedded instructions" markers are defined for the processed data.
  • Capability inventory: The skill can write worklog rows and perform auto-submissions to the Univer system.
  • Sanitization: There is no evidence of content sanitization or validation before the data is interpolated into the prompt.
Audit Metadata
Risk Level
SAFE
Analyzed
May 20, 2026, 12:59 PM
Security Audit — agent-trust-hub — univer-worklog-auto