scrum-master
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: No override instructions, behavior bypasses, or system prompt extraction patterns were detected in the skill instructions.
- [CREDENTIALS_UNSAFE]: No hardcoded API keys, tokens, or other secrets were found in the code, templates, or sample data.
- [DATA_EXFILTRATION]: No network operations (curl, wget, requests) or patterns of data exfiltration to external domains were detected.
- [REMOTE_CODE_EXECUTION]: No remote script execution patterns (e.g., pipe to bash) or external package downloads were found.
- [COMMAND_EXECUTION]: The provided Python scripts (velocity_analyzer.py, sprint_health_scorer.py, retrospective_analyzer.py) use only standard library modules and do not spawn dangerous subprocesses or execute shell commands.
- [DYNAMIC_EXECUTION]: No usage of eval(), exec(), or unsafe deserialization (like pickle) was found in any of the analysis scripts.
- [OBFUSCATION]: The code and documentation are in plain text with no Base64, hex-encoding, zero-width characters, or other obfuscation techniques.
- [INDIRECT_PROMPT_INJECTION]: While the skill processes user-provided sprint data (JSON), the analysis scripts only perform statistical and keyword-based operations without passing data to dangerous sink functions or external network endpoints.