align-backlog
Pass
Audited by Gen Agent Trust Hub on May 7, 2026
Risk Level: SAFE, PROMPT_INJECTION
Full Analysis
- [SAFE]: The skill does not perform any network operations, exfiltration, or use obfuscated code. Its operations are limited to reading project documents and generating alignment reports within the local file system.
- [PROMPT_INJECTION]: Potential surface for indirect prompt injection is present due to data ingestion.
  - Ingestion points: Processes backlog items and strategy documents from docs/backlog/ and docs/project-overview/ (SKILL.md).
  - Boundary markers: Absent in current instructions; untrusted data is processed without explicit delimiters.
  - Capability inventory: File system read and write permissions are used to create artifacts (SKILL.md).
  - Sanitization: No sanitization of processed markdown content is specified in the skill behaviors.
  - Mitigation: The skill requires user confirmation before making any changes to files or proposing destructive cuts, preventing automated exploitation of injected instructions.
Audit Metadata