tgravity-work-daily-report
Pass
Audited by Gen Agent Trust Hub on Jun 24, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill serves a benign administrative purpose of organizing user natural language into daily reports. No malicious behaviors, obfuscation, or unauthorized network activity were detected.\n- [SAFE]: Data privacy is addressed through explicit instructions to filter out sensitive items like API keys, scanned documents, and credentials from the generated reports.\n- [SAFE]: The skill implements a controlled data persistence model, specifying a dedicated local directory and requiring the user to explicitly confirm any 'save' action.\n- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface (Category 8) by processing untrusted natural language data (user speech-to-text and chat history) to generate reports. However, the risk is minimal due to the skill's specific data-exclusion rules and the requirement for manual review and confirmation before data is written to the filesystem. Ingestion points: user natural language input described in SKILL.md. Boundary markers: absent. Capability inventory: filesystem write via agent tools. Sanitization: negative constraints against including API keys and sensitive PII.
Audit Metadata