pm
Pass
Audited by Gen Agent Trust Hub on May 15, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill implements a structured workflow for tracking project progress using local markdown files such as TASK.md and KNOWLEDGE.md. It does not perform unauthorized network operations, access sensitive system credentials, or employ obfuscation techniques.
- [PROMPT_INJECTION]: The skill presents an attack surface for indirect prompt injection because it ingests data from local project files and processes user-supplied arguments without explicit sanitization. 1. Ingestion points: Local filesystem reads (docs/memory/, TASK.md, KNOWLEDGE.md) and the $ARGUMENTS placeholder. 2. Boundary markers: No specific delimiters or instructions to ignore embedded instructions are present. 3. Capability inventory: The skill can write to files using the TodoWrite tool. 4. Sanitization: No sanitization or validation logic is defined for the ingested content. This risk is considered inherent to the skill's primary function and does not indicate malicious intent.
Audit Metadata