pm-lead
Pass
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface through its intake of untrusted external data.
- Ingestion points: Stage 1 and Stage 2 in
SKILL.mdingest raw stakeholder notes, interview transcripts, CRM exports, customer support tickets, and external analyst reports. - Boundary markers: The skill instructions do not define clear structural delimiters or use specific system instructions to ignore potential commands embedded in the external data sources before processing them through sub-skills.
- Capability inventory: The orchestrator manages a 'Product Intelligence Log' and invokes multiple specialized skills (stakeholder-intel, competitive-research, etc.) that process this untrusted data, allowing for potential multi-step poisoning of the planning cycle.
- Sanitization: There is no evidence of input validation, sanitization, or filtering mechanisms for the data collected from external systems or stakeholder inputs before it is incorporated into the LLM context.
Audit Metadata