backlog-technical-project-manager

Pass

Audited by Gen Agent Trust Hub on May 14, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses shell commands to create worker workspace clones and set up environments. Templates include mkdir, cd, and git clone, which are dynamically constructed using taskId variables derived from task records.
  • [EXTERNAL_DOWNLOADS]: The skill manages dependencies using the bun package manager and updates repository remotes to the author's official GitHub repository at github.com/MrLesk/agents-council.git.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because it processes task data and Backlog.md files that could contain hidden instructions.
      • Ingestion points: Backlog.md and task metadata files located in backlog/tasks/*.
      • Boundary markers: The skill does not define explicit delimiters to separate untrusted task content from instructions.
      • Capability inventory: Shell command execution (git, bun, mkdir) and file system management.
      • Sanitization: No input validation or escaping is specified for metadata used in workspace path construction.
Audit Metadata
Risk Level: SAFE
Analyzed: May 14, 2026, 12:05 AM