pm-refine
Pass
Audited by Gen Agent Trust Hub on Jul 2, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it ingests untrusted 'materials' (e.g., user feedback, meeting minutes, code scans) to produce its output.
- Ingestion points: Materials are read from the
docs/pm-context/collect/directory. - Boundary markers: The instructions do not define robust delimiters or 'ignore' directives to isolate external content from the agent's core instructions.
- Capability inventory: The skill is capable of performing filesystem write operations to
docs/pm-context/pm-context.mdand tracking files in the.loop/directory. - Sanitization: There is no evidence of sanitization or structural validation for the ingested materials, although the 'Audit Triplet' system provides some traceability of data origin.
Audit Metadata