project-manager

Pass

Audited by Gen Agent Trust Hub on May 16, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill includes instructions to 'Ignore Claude-specific mode-switch instructions' and mandates a 'Strict execution contract', which are explicit attempts to override the agent's default safety guidelines and operational constraints.
  • [COMMAND_EXECUTION]: The skill contains a 'Subagent authorization' clause that attempts to grant automatic permission for the use of the spawn_agent tool, potentially bypassing manual user verification steps for autonomous agent behavior.
  • [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface by ingesting untrusted data from project files (e.g., team-artifacts/pbis/, docs/project-config.json) without sanitization or boundary markers. (1) Ingestion points: team-artifacts/pbis/, docs/project-config.json, and files within docs/project-reference/. (2) Boundary markers: Absent. (3) Capability inventory: spawn_agent tool usage and extensive file system read/write access. (4) Sanitization: Not implemented.
Audit Metadata
Risk Level
SAFE
Analyzed
May 16, 2026, 04:53 PM
Security Audit — agent-trust-hub — project-manager