backlog
Pass
Audited by Gen Agent Trust Hub on Jul 8, 2026
Risk Level: SAFENO_CODEPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill definition is limited to metadata and instructional triggers for backlog management. No evidence of credential harvesting, unauthorized network access, or command execution was found.
- [NO_CODE]: The provided file does not include active code or scripts. It references an assembly process where logic from an external file (
logic.md) is spliced into the skill during installation, but no dangerous commands are present in the manifest itself. - [PROMPT_INJECTION]: The skill is designed to ingest and process external backlog data from sources like GitHub Issues or Jira, which presents a surface for indirect prompt injection.
- Ingestion points: Processes data from external project tracking tools (GitHub, Jira, Linear) and markdown files.
- Boundary markers: The manifest does not define specific delimiters or instructions to ignore embedded commands in the processed backlog items.
- Capability inventory: Includes read-only auditing (
/backlog-audit) and write capabilities (/backlog-fix) for repairing structural defects. - Sanitization: No explicit sanitization or validation logic is defined in the manifest for the external content being processed.
Audit Metadata