senior-pm
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because its primary function involves processing external, potentially untrusted project specifications.
- Ingestion points: Reads requirements from
ai/memory-bank/site-setup.mdto define agent behavior and task output. - Boundary markers: Absent. The instructions do not define delimiters or provide specific directives to ignore instructions or overrides contained within the specification file.
- Capability inventory: The agent has access to
bash,git, andFile ops(read/write), which could be leveraged if an injection in the specification influences agent actions. - Sanitization: Absent. The agent is instructed to quote and directly translate requirements from the specification into actionable tasks without validation.
- [COMMAND_EXECUTION]: The skill explicitly instructs the agent to execute shell commands and local scripts as part of its workflow.
- Evidence: The skill defines the use of
./qa-playwright-capture.shfor screenshot testing. - Context: While used for legitimate QA purposes, the execution of local scripts combined with the processing of untrusted specification data creates an attack surface where malicious arguments could be injected into the shell environment.
Audit Metadata