project-manager
Pass
Audited by Gen Agent Trust Hub on May 16, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill includes instructions to 'Ignore Claude-specific mode-switch instructions' and mandates a 'Strict execution contract', which are explicit attempts to override the agent's default safety guidelines and operational constraints.
- [COMMAND_EXECUTION]: The skill contains a 'Subagent authorization' clause that attempts to grant automatic permission for the use of the
spawn_agenttool, potentially bypassing manual user verification steps for autonomous agent behavior. - [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface by ingesting untrusted data from project files (e.g.,
team-artifacts/pbis/,docs/project-config.json) without sanitization or boundary markers. (1) Ingestion points:team-artifacts/pbis/,docs/project-config.json, and files withindocs/project-reference/. (2) Boundary markers: Absent. (3) Capability inventory:spawn_agenttool usage and extensive file system read/write access. (4) Sanitization: Not implemented.
Audit Metadata