pm

Pass

Audited by Gen Agent Trust Hub on May 15, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [SAFE]: The skill implements a structured workflow for tracking project progress using local markdown files such as TASK.md and KNOWLEDGE.md. It does not perform unauthorized network operations, access sensitive system credentials, or employ obfuscation techniques.
  • [PROMPT_INJECTION]: The skill presents an attack surface for indirect prompt injection because it ingests data from local project files and processes user-supplied arguments without explicit sanitization. 1. Ingestion points: Local filesystem reads (docs/memory/, TASK.md, KNOWLEDGE.md) and the $ARGUMENTS placeholder. 2. Boundary markers: No specific delimiters or instructions to ignore embedded instructions are present. 3. Capability inventory: The skill can write to files using the TodoWrite tool. 4. Sanitization: No sanitization or validation logic is defined for the ingested content. This risk is considered inherent to the skill's primary function and does not indicate malicious intent.
Audit Metadata
Risk Level
SAFE
Analyzed
May 15, 2026, 02:43 PM
Security Audit — agent-trust-hub — pm