tgravity-work-daily-report

Pass

Audited by Gen Agent Trust Hub on Jun 24, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill serves a benign administrative purpose of organizing user natural language into daily reports. No malicious behaviors, obfuscation, or unauthorized network activity were detected.\n- [SAFE]: Data privacy is addressed through explicit instructions to filter out sensitive items like API keys, scanned documents, and credentials from the generated reports.\n- [SAFE]: The skill implements a controlled data persistence model, specifying a dedicated local directory and requiring the user to explicitly confirm any 'save' action.\n- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface (Category 8) by processing untrusted natural language data (user speech-to-text and chat history) to generate reports. However, the risk is minimal due to the skill's specific data-exclusion rules and the requirement for manual review and confirmation before data is written to the filesystem. Ingestion points: user natural language input described in SKILL.md. Boundary markers: absent. Capability inventory: filesystem write via agent tools. Sanitization: negative constraints against including API keys and sensitive PII.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 24, 2026, 01:15 PM
Security Audit — agent-trust-hub — tgravity-work-daily-report