pm-skills
Pass
Audited by Gen Agent Trust Hub on May 2, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill suite has a vulnerability surface for indirect prompt injection because it is designed to ingest and analyze untrusted external data.
- Ingestion points: The meeting-analyzer skill (meeting-analyzer/SKILL.md) scans for and processes meeting transcripts in multiple formats (.txt, .md, .vtt, .srt, .docx, .json). Additionally, the scrum-master skill (scrum-master/SKILL.md) processes sprint data exported from external tools into JSON format.
- Boundary markers: The instructions do not explicitly mandate the use of boundary markers or clear delimiters when processing these files, nor do they include warnings for the agent to ignore any natural language instructions that might be embedded within the transcripts or JSON data.
- Capability inventory: The suite has extensive capabilities, including creating, reading, and updating Jira issues and Confluence pages via Model Context Protocol (MCP) tools, and executing local Python scripts for statistical analysis.
- Sanitization: The instructions lack requirements for the agent to sanitize or escape the content extracted from external files before using it in further prompts or operations.
Audit Metadata