morning-briefing
Pass
Audited by Gen Agent Trust Hub on May 13, 2026
Risk Level: SAFE (PROMPT_INJECTION, DATA_EXFILTRATION, COMMAND_EXECUTION)
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection by ingesting and processing untrusted data from external sources.
  - Ingestion points: Per SKILL.md, data is pulled from unread/flagged emails, Slack direct messages, mentions, and news headlines.
  - Boundary markers: The instructions do not define delimiters or provide warnings to ignore embedded instructions within the fetched content.
  - Capability inventory: The skill writes processed data to local files (briefing-YYYY-MM-DD.html) and posts summaries to an external Slack connector.
  - Sanitization: No evidence of sanitization, escaping, or validation of the external content is present in the instructions.
- [DATA_EXFILTRATION]: The skill facilitates the aggregation of highly sensitive personal and professional data (emails, calendar, Slack) into a single local HTML file. While this is the intended functionality for the user, it creates a high-value target for data exposure on the local system.
- [COMMAND_EXECUTION]: To support the 'Running on a schedule' feature, the skill instructs the agent to set up recurring tasks using cron schedules. This involves execution of system-level commands to establish persistence for the briefing generation task.