scrum-master
Pass
Audited by Gen Agent Trust Hub on Apr 2, 2026
Risk Level: SAFE, PROMPT_INJECTION
Full Analysis
- [SAFE]: The skill utilizes local Python scripts for analyzing sprint data. These scripts are self-contained, use only standard library modules, and do not perform any risky operations such as network requests or sensitive file access.
- [PROMPT_INJECTION]: The skill processes user-supplied data (sprint metrics, story titles, and retrospective feedback) which provides a surface for indirect prompt injection. While the scripts handle data as structured JSON, the agent interprets the textual analysis, which could contain instructions from a malicious data source.
  - Ingestion points: Sprint data JSON files are ingested and processed by scripts in the scripts/ directory.
  - Boundary markers: None identified; the output of the analysis scripts is directly presented to the agent.
  - Capability inventory: The skill allows execution of local Python analysis scripts. No network tools or privileged system commands are involved.
  - Sanitization: The tool uses standard JSON parsing, but there is no specific sanitization for natural language text fields before they are output for agent review.
Audit Metadata