scrum-master

Pass

Audited by Gen Agent Trust Hub on Mar 12, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill processes untrusted JSON data containing user-generated text (such as story titles and retrospective feedback) which is interpolated into analytical reports processed by the agent.
  • Ingestion points: User-provided sprint and retrospective data in JSON format, processed by all scripts in the scripts/ directory.
  • Boundary markers: Absent; data values from the JSON input are treated as raw strings and included in text-based reports without delimiters.
  • Capability inventory: The included Python scripts are restricted to local data processing and reporting to standard output; they lack network access and do not perform file writes or system-altering commands.
  • Sanitization: The scripts use the standard json library for parsing but do not perform sanitization or filtering of the content for potential instruction-carrying strings before outputting them.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 12, 2026, 01:15 PM