pm-skill-creator
Pass
Audited by Gen Agent Trust Hub on Jun 19, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface by ingesting untrusted user input (raw notes, frameworks, and content) and using it to influence agent tasks such as searching existing local skill files and generating documentation drafts.
- Ingestion points: User-provided material collected in Question 1 ('What's the Raw Material?') and Question 4 ('Key Content') in SKILL.md.
- Boundary markers: No explicit delimiters or boundary markers are used to isolate user-provided content from the agent's internal instructions during processing.
- Capability inventory: The skill instructs the agent to search existing skills (file system read) and generate a complete markdown draft (content generation).
- Sanitization: There is no evidence of input validation or sanitization applied to the user-provided content before it is processed by the agent or included in the generated output.
Audit Metadata