utility-pm-skill-auditor
Pass
Audited by Gen Agent Trust Hub on May 18, 2026
Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a local shell script (`bash scripts/pre-tag-validate.sh`) to run validation tools as part of the audit process. This is the primary mechanism for enforcing repository standards.
- [PROMPT_INJECTION]: The skill contains an indirect prompt injection surface: it reads the contents of an external file (`subagents/pm-skill-auditor.md`) and treats the text as system instructions for the current session. This behavior is the intended functional mechanism for dispatching logic on non-Claude clients.
  - Ingestion points: `subagents/pm-skill-auditor.md` (operating instructions) and `docs/internal/release-plans/v2.16.0/spec_pm-skill-auditor.md` (check catalog).
  - Boundary markers: Absent. The agent is instructed to execute the file body directly.
  - Capability inventory: The agent can read files across the repository and execute bash scripts via `scripts/pre-tag-validate.sh`.
  - Sanitization: Absent. The skill relies on the integrity of the local repository files.
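The last two sub-findings (no boundary markers, no sanitization, reliance on repository integrity) describe the control a deployer would add before the file body is handed to the model. The following is an added example, not code from the audited skill or from Gen Agent Trust Hub: it pins the SHA-256 of each ingested file at review time, refuses paths that resolve outside the repository, and fences each body in explicit boundary markers before assembling the context. The marker format, the `IntegrityError` type, and the sample file contents are assumptions made for this example; only the two file paths come from the finding above.

```python
"""Integrity pinning and boundary marking for files an agent skill ingests as
instructions. Added example; not code from the audited skill."""
import hashlib
import tempfile
from pathlib import Path

# Marker format is an assumption for this example; the audited skill uses none.
BEGIN_FMT = "<<<BEGIN UNTRUSTED FILE {name} sha256={digest}>>>"
END_FMT = "<<<END UNTRUSTED FILE {name}>>>"
MARKER_PREFIXES = ("<<<BEGIN UNTRUSTED FILE", "<<<END UNTRUSTED FILE")


class IntegrityError(Exception):
    """Raised when an ingested file fails the pinning or boundary checks."""


def sha256_of(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def load_pinned(root: Path, rel: str, expected: str) -> str:
    """Read root/rel only if it stays inside root and matches the pinned digest."""
    root = root.resolve()
    path = (root / rel).resolve()
    if root not in path.parents:            # blocks ../ escapes and symlink tricks
        raise IntegrityError(f"{rel} resolves outside the repository")
    data = path.read_bytes()
    digest = sha256_of(data)
    if digest != expected:                  # file changed since it was reviewed
        raise IntegrityError(f"{rel}: sha256 {digest} != pinned {expected}")
    return data.decode("utf-8")


def wrap_untrusted(name: str, body: str, digest: str) -> str:
    """Fence the body so the model can tell file data from operator instructions.
    A body that already contains marker text is rejected: a forged END marker is
    how injected content would try to escape the fence."""
    if any(p in body for p in MARKER_PREFIXES):
        raise IntegrityError(f"{name}: body contains a boundary marker")
    return "\n".join([BEGIN_FMT.format(name=name, digest=digest), body,
                      END_FMT.format(name=name)])


def build_context(root: Path, pins: dict[str, str]) -> str:
    """Assemble the instruction context from pinned files, each one fenced."""
    return "\n\n".join(
        wrap_untrusted(rel, load_pinned(root, rel, digest), digest)
        for rel, digest in pins.items())


def make_sample_repo() -> tuple[Path, dict[str, str]]:
    """Constructed sample repository in a temp dir; file contents are made up."""
    root = Path(tempfile.mkdtemp())
    files = {
        "subagents/pm-skill-auditor.md":
            "# pm-skill-auditor operating instructions (constructed sample)\n"
            "Run bash scripts/pre-tag-validate.sh and report each failure.\n",
        "docs/internal/release-plans/v2.16.0/spec_pm-skill-auditor.md":
            "# Check catalog (constructed sample)\n- CHANGELOG entry present\n",
    }
    pins = {}
    for rel, text in files.items():
        path = root / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_text(text, encoding="utf-8")
        pins[rel] = sha256_of(text.encode("utf-8"))   # pinned at review time
    return root, pins


if __name__ == "__main__":
    repo, pinned = make_sample_repo()
    print(build_context(repo, pinned))
```

The pinned digests would live with the skill's own configuration, outside the files they cover, so that editing `subagents/pm-skill-auditor.md` in a pull request does not silently change what the agent executes; a mismatch fails closed before `scripts/pre-tag-validate.sh` runs.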
Audit Metadata