knearme-sprint-workflow
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- COMMAND_EXECUTION (SAFE): The skill employs standard system utilities like
grep,cat, andheadto read task status from the localknearme-portfolio/todo/directory. These operations are limited to the local environment and are appropriate for the skill's stated purpose. - COMMAND_EXECUTION (SAFE): The skill references a local helper script
./.claude/skills/knearme-sprint-workflow/scripts/check_progress.shto automate progress checks. This script is an internal component and does not involve downloading or executing remote code. - PROMPT_INJECTION (SAFE): The ingestion of local project files was evaluated for indirect prompt injection risks. 1. Ingestion points:
knearme-portfolio/todo/*.mdfiles. 2. Boundary markers: Absent. 3. Capability inventory: Shell commands and sub-agent delegation. 4. Sanitization: Absent. The risk is assessed as SAFE because the agent uses specific pattern-matching (grep) for status markers rather than processing the files as executable instructions.
Audit Metadata