univer-worklog-auto
Pass
Audited by Gen Agent Trust Hub on May 20, 2026
Risk Level: SAFE
COMMAND_EXECUTION PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill is instructed to "bootstrap Univer dependencies if missing", which implies the execution of shell commands to set up the environment or install necessary software packages.
- [PROMPT_INJECTION]: The skill exposes an indirect prompt injection surface because it processes untrusted data from multiple external sources to generate worklog summaries.
  - Ingestion points: External evidence is collected from Git, GitHub, Codex, and workbuddy as described in SKILL.md.
  - Boundary markers: No delimiters or "ignore embedded instructions" markers are defined for the processed data.
  - Capability inventory: The skill can write worklog rows and perform auto-submissions to the Univer system.
  - Sanitization: There is no evidence of content sanitization or validation before the data is interpolated into the prompt.
Audit Metadata