scrum-master-agent
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION] (LOW): The skill is susceptible to Indirect Prompt Injection (Category 8) because it ingests and processes untrusted data exports from external project management tools. A malicious file could attempt to influence the agent's logic or summaries.
- Ingestion points:
parse_input.pyprocesses user-uploaded JSON, CSV, and YAML files. - Boundary markers: No explicit boundary markers or 'ignore embedded instructions' warnings are present in the parsing logic.
- Capability inventory: Data analysis, reporting, and optional notification via webhooks.
- Sanitization: Employs
yaml.safe_load()which prevents basic code execution during parsing. - [EXTERNAL_DOWNLOADS] (SAFE): The skill depends on the
PyYAMLlibrary for configuration and data parsing. It correctly usesyaml.safe_load()to mitigate risks associated with untrusted YAML payloads. - [DATA_EXFILTRATION] (SAFE): The skill features documented support for Slack and Microsoft Teams webhooks for notifications. These are user-configured via environment variables or a local config file. No hardcoded credentials or unauthorized data exfiltration mechanisms were detected.
- [COMMAND_EXECUTION] (SAFE): The
detect_context.pyhelper script retrieves environment variables and terminal metadata (e.g.,shutil.get_terminal_size) to optimize the UI. It does not execute arbitrary shell commands or access sensitive system paths.
Audit Metadata