senior-pm
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill provides and executes local Python scripts (
scripts/project_health_dashboard.py,scripts/risk_matrix_analyzer.py, andscripts/resource_capacity_planner.py) to perform project analysis. These scripts are invoked via the CLI and operate on local JSON data files. They do not perform network operations or access sensitive system resources.\n- [PROMPT_INJECTION]: The skill contains a vulnerability surface for indirect prompt injection (Category 8) within its data processing workflow.\n - Ingestion points: Project data is read from JSON files (e.g.,
assets/sample_project_data.json) which contain free-text fields like project names, descriptions, and risk titles.\n - Boundary markers: There are no explicit delimiters or instructions provided to the agent to distinguish between the skill's instructions and the natural language content found within the data files.\n
- Capability inventory: The skill possesses the capability to run local analysis scripts and synthesize the output into executive reports, which is a typical pattern for processing untrusted data.\n
- Sanitization: The Python scripts do not perform sanitization or validation of the strings read from JSON files before outputting them for the agent's consumption, allowing for the possibility of embedded instructions being processed by the LLM.
Audit Metadata