project-manager

Pass

Audited by Gen Agent Trust Hub on Mar 24, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the gh command-line tool via a Node.js script to interact with GitHub issues and project boards. This is consistent with its purpose of repository-local project management.
  • [EXTERNAL_DOWNLOADS]: The skill retrieves issue and project metadata from GitHub's official services. These operations are essential for its synchronization functionality.
  • [PROMPT_INJECTION]: Analysis of potential indirect prompt injection surface: 1) Ingestion point: scripts/sync-work-items.mjs fetches GitHub data; 2) Boundary markers: Not used in synchronization logic; 3) Capability inventory: gh CLI for repo management, local file system writes; 4) Sanitization: No explicit sanitization of issue content. The surface is inherent to managing GitHub issues and is assessed as safe in this context.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 24, 2026, 07:03 PM