content-calendar
Pass
Audited by Gen Agent Trust Hub on Apr 30, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted data from an external file (
content-calendar.md) which could be modified by users or other processes. This creates a surface for indirect prompt injection if malicious instructions are embedded within the calendar data. - Ingestion points: The agent reads
content-calendar.mdandCLAUDE.mdin Phase 1 to load the current state and project rules. - Boundary markers: The skill uses structural markdown headers for parsing but lacks explicit delimiters or instructions to ignore embedded natural language commands within the parsed content.
- Capability inventory: The skill utilizes
Bash,Write,Edit, andGreptools, providing a capability set that could be exploited if an injection is successful. - Sanitization: There is no explicit sanitization of topic titles or metadata before they are displayed in the dashboard or re-written to the file system.
Audit Metadata