israeli-personal-assistant
Pass
Audited by Gen Agent Trust Hub on May 15, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The provided script
scripts/morning-brief.pyrequires the installation of external Python packagesrequestsandpython-dateutil. These are common, well-known libraries used for handling HTTP requests and date parsing.\n- [DATA_EXFILTRATION]: The skill performs network operations to fetch calendar information fromhebcal.com. This is a well-known service for Jewish calendar data. No sensitive user information is transmitted during these requests, which are essential for the skill's primary function of providing holiday and date context.\n- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection (Category 8).\n - Ingestion points: Untrusted data enters the agent's context through the
tasksargument inscripts/morning-brief.pyand via instructions inSKILL.mdto process user-provided task lists.\n - Boundary markers: The daily brief output lacks explicit delimiters or instructions to the agent to disregard any commands that might be embedded within the user-supplied task text.\n
- Capability inventory: The skill instructions recommend using it alongside other tools that possess file-writing and email-automation capabilities (e.g.,
gws-hebrew-email-automation), which could be targeted by an injection.\n - Sanitization: There is no evidence of input validation or sanitization of the task content before it is displayed in the generated brief template.
Audit Metadata