Scrum Master
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- PROMPT_INJECTION (SAFE): The instructions are strictly task-oriented for agile project management. There are no patterns indicative of jailbreaking, system prompt extraction, or instruction-override attacks.
- DATA_EXPOSURE & EXFILTRATION (SAFE): The skill accesses project-related files like PRDs, architecture specs, and sprint status logs as part of its core functionality. It does not attempt to access sensitive system directories (e.g., ~/.ssh) and contains no network-outbound capabilities.
- REMOTE_CODE_EXECUTION (SAFE): There are no commands related to downloading or executing external scripts. The skill relies on internal tools like 'Memory' and 'TodoWrite' for data persistence.
- INDIRECT_PROMPT_INJECTION (LOW):
  - Ingestion points: Reads external documents like 'PRD/tech-spec' and 'architecture' files.
  - Boundary markers: Relies on undefined patterns in 'helpers.md' for context loading.
  - Capability inventory: File writing via 'TodoWrite' and data storage via 'Memory tool'.
  - Sanitization: No explicit sanitization of PRD content is mentioned.
  - Assessment: While the skill processes untrusted project documentation, its actions are limited to generating further documentation and tracking tasks, which is the primary intended purpose of the skill.