backlog-curator
Pass
Audited by Gen Agent Trust Hub on Jun 21, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill manages state exclusively through a local
.pm/backlog/items.yamlfile and does not attempt to access sensitive system directories, environment variables, or user credentials. - [SAFE]: The included analysis script
scripts/analyze_backlog.pyemploys secure coding practices, specifically usingyaml.safe_load()to parse configuration and data files, which prevents arbitrary code execution vulnerabilities common in YAML deserialization. - [SAFE]: There is no evidence of prompt injection, code obfuscation, or persistence mechanisms in the instructions or the accompanying Python code.
- [SAFE]: While the skill ingests and processes task descriptions (untrusted data), it only performs keyword matching and regex extraction for metadata scoring, with no high-risk capabilities like shell execution or network exfiltration triggered by this content.
Audit Metadata