pmo-status
Pass
Audited by Gen Agent Trust Hub on Apr 2, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill operates by reading project-specific trackers such as PRD-PIPELINE.md, fix_plan.md, and directory inventories to generate a structured status report. This behavior is consistent with its stated project management purpose.
- [PROMPT_INJECTION]: The skill incorporates content from external markdown files into the agent's context without explicit boundary markers. While this creates a surface for indirect prompt injection if those files contain malicious instructions, it is a low-risk architectural pattern inherent to data aggregation tools.
- [DATA_EXPOSURE]: The skill reads a local project.conf file to resolve directory names. It does not target sensitive system locations, environment variables, or credential stores.
Audit Metadata