personal-assistant

Warn

Audited by Gen Agent Trust Hub on Mar 18, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses run_shell_command to execute system scheduling utilities such as schtasks on Windows and at or cron on Unix-based systems to manage user reminders.
  • [COMMAND_EXECUTION]: The skill attempts to execute a local Python script at scripts/calendar.py via run_shell_command to facilitate agenda synchronization.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection due to the processing of untrusted data from external sources.
  • Ingestion points: The agent reads and processes email content for categorization and drafting, and fetches external web content using google_web_search and web_fetch.
  • Boundary markers: There are no instructions providing clear delimiters or directives to ignore embedded commands in the processed external text.
  • Capability inventory: The skill has access to powerful tools including run_shell_command for system-level execution and save_memory for persistent state storage.
  • Sanitization: The skill instructions do not specify any validation, filtering, or sanitization of the data retrieved from external communications or web searches.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 18, 2026, 07:14 AM
Security Audit — agent-trust-hub — personal-assistant