loop-briefing
Pass
Audited by Gen Agent Trust Hub on Jun 26, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a local TypeScript library located at
${CLAUDE_PLUGIN_ROOT}/skills/_lib/pushover_core.tsusing thebunruntime to process and send briefings. - [DATA_EXFILTRATION]: By design, the skill extracts project-specific information including the current working directory, git branch, status, and recent commit history to transmit this data to the Pushover API. This is the primary function of the skill and is clearly described in the documentation.
- [COMMAND_EXECUTION]: The execution command specifically unsets proxy environment variables (
HTTPS_PROXY,HTTP_PROXY) to ensure the notification script establishes a direct connection to the external Pushover service. - [PROMPT_INJECTION]: The skill includes a 'Self-Evolving Skill' section that instructs the agent to modify the skill's own file (
SKILL.md) if it encounters issues or needs improvements. While intended for maintenance, this establishes a self-modification pattern based on agent experience.
Audit Metadata