sprint-status
Pass
Audited by Gen Agent Trust Hub on May 15, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads and processes the content of various story files and sprint plans which could be modified by an attacker to influence the agent's behavior or output.
- Ingestion points: The skill reads sprint plan files from production/sprints/ and scans story files referenced in those plans (SKILL.md sections 1 and 3).
- Boundary markers: There are no explicit markers, delimiters, or system instructions provided to the agent to treat the content of these files as untrusted or to ignore embedded instructions.
- Capability inventory: The skill is limited to the Read, Glob, and Grep tools. It lacks capabilities for network communication, file writing, or command execution.
- Sanitization: The skill does not perform any validation, filtering, or escaping of the content read from the files before it is processed by the model.
Audit Metadata