weekly-digests
Warn
Audited by Gen Agent Trust Hub on Jun 12, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill uses `node -e` to execute inline JavaScript for port resolution and performs various shell operations for project detection and file management. It also dynamically generates and executes a Python script (`split-timeline.py`) to partition data into weekly intervals.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it processes and summarizes historical project data, including raw user prompts and session content, which are interpolated into subagent contexts.
- Ingestion points: Historical data is retrieved from a local API at `http://localhost:${WORKER_PORT}/api/context/inject` and stored in `.scratch/cm-timeline.md`.
- Boundary markers: The skill uses basic Markdown headers to separate history data but lacks explicit delimiters or instructions to ignore embedded commands.
- Capability inventory: The agent can execute shell commands and launch subagents with general-purpose capabilities.
- Sanitization: There is no evidence of content filtering or sanitization of the project history before it is passed to agents.
Audit Metadata