project_management
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: Section 1.2 of the skill explicitly permits the agent to override the skill's own descriptions and instructions based on content found in project-specific files like `AGENTS.md` or direct user instructions, creating a potential vector for instruction bypass.
- [COMMAND_EXECUTION]: The skill instructs the agent to execute shell commands, specifically `date +'%Y-%m-%d-%H-%M'`, to generate timestamps for document management.
- [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection due to its core functionality of reading and acting upon untrusted data.
  - Ingestion points: Files located in the `local-inbox/` directory, as well as `AGENTS.md`, `TODO.md`, and `GEMINI.md` files within the repository.
  - Boundary markers: None. The skill does not specify the use of delimiters or instructions to ignore embedded commands within these external files.
  - Capability inventory: The skill performs file system manipulations (moving and renaming files), Git operations (branching and committing), and shell command execution (`date`).
  - Sanitization: There are no documented procedures for sanitizing, escaping, or validating the content of external files before the agent processes them or follows instructions contained therein.
Audit Metadata