israeli-personal-assistant

Pass

Audited by Gen Agent Trust Hub on May 15, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The provided script scripts/morning-brief.py requires the installation of external Python packages requests and python-dateutil. These are common, well-known libraries used for handling HTTP requests and date parsing.\n- [DATA_EXFILTRATION]: The skill performs network operations to fetch calendar information from hebcal.com. This is a well-known service for Jewish calendar data. No sensitive user information is transmitted during these requests, which are essential for the skill's primary function of providing holiday and date context.\n- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection (Category 8).\n
  • Ingestion points: Untrusted data enters the agent's context through the tasks argument in scripts/morning-brief.py and via instructions in SKILL.md to process user-provided task lists.\n
  • Boundary markers: The daily brief output lacks explicit delimiters or instructions to the agent to disregard any commands that might be embedded within the user-supplied task text.\n
  • Capability inventory: The skill instructions recommend using it alongside other tools that possess file-writing and email-automation capabilities (e.g., gws-hebrew-email-automation), which could be targeted by an injection.\n
  • Sanitization: There is no evidence of input validation or sanitization of the task content before it is displayed in the generated brief template.
Audit Metadata
Risk Level
SAFE
Analyzed
May 15, 2026, 09:15 PM
Security Audit — agent-trust-hub — israeli-personal-assistant