skills/wcof/pmskill/pm-refine/Gen Agent Trust Hub

pm-refine

Pass

Audited by Gen Agent Trust Hub on Jul 2, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it ingests untrusted 'materials' (e.g., user feedback, meeting minutes, code scans) to produce its output.
  • Ingestion points: Materials are read from the docs/pm-context/collect/ directory.
  • Boundary markers: The instructions do not define robust delimiters or 'ignore' directives to isolate external content from the agent's core instructions.
  • Capability inventory: The skill is capable of performing filesystem write operations to docs/pm-context/pm-context.md and tracking files in the .loop/ directory.
  • Sanitization: There is no evidence of sanitization or structural validation for the ingested materials, although the 'Audit Triplet' system provides some traceability of data origin.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 2, 2026, 01:10 AM
Security Audit — agent-trust-hub — pm-refine