Skills
skills/luisurrutia/skills/daily-meeting-update/Gen Agent Trust Hub

daily-meeting-update

Pass

Audited by Gen Agent Trust Hub on May 7, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses dynamic context injection (prefixed with !) in the SKILL.md frontmatter to execute git and gh commands at load time for repository and user identification.
  • [COMMAND_EXECUTION]: Executes a bundled Python utility scripts/opencode_digest.py to extract session metadata from a local SQLite database at ~/.local/share/opencode/opencode.db.
  • [COMMAND_EXECUTION]: Runs a variety of shell commands including git, gh (GitHub CLI), acli (Atlassian CLI), fd, and find to traverse the local filesystem and interact with authenticated APIs.
  • [EXTERNAL_DOWNLOADS]: Fetches data from remote services including GitHub and Atlassian/Jira via official CLI tools and MCP (Model Context Protocol) integrations to populate the standup report.
  • [PROMPT_INJECTION]: The skill has an indirect prompt injection surface (Category 8) as it ingests untrusted data from external sources like PR titles and Jira ticket summaries. While it transforms this data into a final report, it lacks explicit sanitization or boundary markers to prevent the agent from obeying instructions embedded in that data.
Audit Metadata
Risk Level
SAFE
Analyzed
May 7, 2026, 02:25 PM