delivery-manager
Pass
Audited by Gen Agent Trust Hub on Apr 1, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill facilitates delivery management tasks using local Python scripts and markdown instructions. A technical audit of the provided scripts (delivery_metrics_tracker.py, dependency_mapper.py, and risk_register.py) confirms they are limited to data processing and reporting tasks using standard Python libraries. No evidence of malicious network communication, credential theft, or unauthorized file modifications was found.
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it ingests and processes user-supplied JSON data that is then presented to the agent for analysis.
  - Ingestion points: Data files loaded via command-line arguments in scripts/delivery_metrics_tracker.py, scripts/dependency_mapper.py, and scripts/risk_register.py.
  - Boundary markers: Absent. There are no explicit delimiters defined in the skill instructions to separate external tool outputs from system prompts.
  - Capability inventory: The included scripts do not contain any dangerous capabilities such as eval(), exec(), subprocess calls, or network operations.
  - Sanitization: The scripts parse JSON structure but do not sanitize or filter the content of natural language fields before they enter the agent's context.