hyday-whiteboard
Pass
Audited by Gen Agent Trust Hub on May 18, 2026
Risk Level: SAFE, PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted data from note files and whiteboard JSON structures.
  1. Ingestion points: The `listWhiteboardItems` tool reads the existing board state, and note content is read to create card previews.
  2. Boundary markers: No explicit delimiters or instructions are provided to the agent to distinguish between the skill's instructions and potentially malicious content within notes.
  3. Capability inventory: The skill has the capability to modify the whiteboard's storage file and manage all board items through various MCP tools.
  4. Sanitization: There is no evidence of content sanitization or validation of external input before it is processed by the agent.
- [SAFE]: The skill references application-specific configuration files (`settings.json`) to automatically locate the user's data vault. These paths are specific to the Hyday application and do not involve sensitive system-level credentials or private user data.
- [SAFE]: The documentation includes standard, one-time setup instructions using the npm package manager for a local component of the skill. This does not represent a runtime remote code execution risk.
Audit Metadata