senior-pm
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns or security vulnerabilities were identified in the skill. The provided content consists of legitimate project management documentation, templates, and analytical scripts.
- [COMMAND_EXECUTION]: The skill utilizes local Python scripts (
scripts/project_health_dashboard.py,scripts/risk_matrix_analyzer.py, andscripts/resource_capacity_planner.py) to process project data. These scripts use standard Python libraries for data processing and do not perform any dangerous operations such as network access, arbitrary shell command execution, or unauthorized file system modifications. - [PROMPT_INJECTION]: The instructions and project management templates follow standard professional methodologies. There are no attempts to bypass safety filters, extract system prompts, or override agent behavior.
- [DATA_EXFILTRATION]: The skill does not contain hardcoded credentials, access sensitive system paths, or perform network operations. All data processing is confined to the local environment using provided JSON assets.
- [SAFE]: The skill possesses a minimal indirect prompt injection surface as it processes project data from JSON files. However, the analysis scripts lack any exploitable capabilities (such as network access or file writes), making this surface a non-issue.
- Ingestion points: Local JSON data files (e.g.,
assets/sample_project_data.json). - Boundary markers: None explicitly defined.
- Capability inventory: Local mathematical calculation and text report generation only.
- Sanitization: Standard JSON parsing and basic type validation within the Python scripts.
Audit Metadata