progress-manager
Pass
Audited by Gen Agent Trust Hub on Mar 2, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill creates an indirect prompt injection surface by reading content from progress files and treating it as task context.
- Ingestion points: The skill reads from the 'docs/progress/' directory during the 'resume' operation.
- Boundary markers: Content from progress files is not wrapped in delimiters or accompanied by instructions to ignore embedded commands.
- Capability inventory: File system read and write access is required; no network or shell execution capabilities are defined.
- Sanitization: There is no process for sanitizing or validating the contents of the Markdown files before they are processed.
Audit Metadata