task-planning
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill instructions focus exclusively on agile methodology and task decomposition templates. There are no attempts to override system prompts, bypass safety filters, or use adversarial role-play patterns.
- [DATA_EXFILTRATION]: No network-enabled commands (curl, wget, fetch) or sensitive file system access patterns are present. The mention of services like SendGrid and PostgreSQL in the technical notes section are strictly part of illustrative examples for user stories and do not represent active connections or credential usage.
- [CREDENTIALS_UNSAFE]: Analysis of the markdown and toon files revealed no hardcoded API keys, tokens, or passwords. All identifiers used (e.g., #123, #101) are mock ticket numbers used for demonstration purposes.
- [REMOTE_CODE_EXECUTION]: The skill consists entirely of static Markdown and descriptive text. There are no scripts, package installations, or dynamic execution patterns (eval, exec) that could facilitate remote code execution.
- [COMMAND_EXECUTION]: There are no shell commands, subprocess calls, or system-level operations defined within the skill files.
- [EXTERNAL_DOWNLOADS]: The skill includes documentation links to Atlassian and ProductPlan. These are well-known, trusted industry resources for agile methodology and do not involve downloading executable content or scripts.
Audit Metadata