skills/eva813/vue3-skills/ai-pm/Gen Agent Trust Hub

ai-pm

Pass

Audited by Gen Agent Trust Hub on Jul 6, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill is focused on document generation and project management workflows. It uses a legitimate tool integration (mcp-figma) to perform its primary function and includes a mandatory human-in-the-loop approval step before finalizing its output.
  • [DATA_EXPOSURE]: The skill processes Figma URLs and design metadata. This access is restricted to information provided by the user and is handled through a standard tool interface. No access to environment variables, credentials, or local sensitive files is requested.
  • [INDIRECT_PROMPT_INJECTION]: The skill possesses a data ingestion surface by reading text and structure from Figma nodes and User Stories. However, the risk of the agent following malicious instructions embedded in design files is mitigated by the strictly templated output format and the requirement for a human to review and "Approve" the draft specification before it is used by downstream agents.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 6, 2026, 06:19 AM
Security Audit — agent-trust-hub — ai-pm