Skills
skills/huytieu/cog-second-brain/comprehensive-analysis/Gen Agent Trust Hub

comprehensive-analysis

Pass

Audited by Gen Agent Trust Hub on Mar 14, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: Subagents execute gh CLI commands (e.g., gh pr list, gh api) to retrieve repository metrics, contributor activity, and pull request history.
  • [EXTERNAL_DOWNLOADS]: Fetches data from well-known services including GitHub, Slack, Linear, and PostHog via their respective APIs and MCP tools.
  • [DATA_EXFILTRATION]: Accesses local project data, including 00-inbox/MY-PROFILE.md and meeting notes in user-defined directories, to synthesize weekly reviews.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to the processing of untrusted external content.
  • Ingestion points: Pull request comments (GitHub), message threads (Slack), and issue descriptions (Linear).
  • Boundary markers: Absent; instructions do not include delimiters to separate external data from system instructions.
  • Capability inventory: The skill can write files to the local file system (path/to/briefs/), post highlights to Slack, and execute shell commands via gh CLI.
  • Sanitization: Absent; no explicit sanitization or filtering of external content before synthesis is mentioned.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 14, 2026, 11:30 AM