agile-sprint
Pass
Audited by Gen Agent Trust Hub on May 4, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits a vulnerability to indirect prompt injection by processing external data and user-provided arguments within the agent's context without adequate safeguards.
- Ingestion points: The skill ingests data from the
$ARGUMENTSvariable inSKILL.mdand explicitly reads from external sources such as 'Epics', 'Retros', and 'Backlog items' to perform its planning tasks. - Boundary markers: The instructions lack delimiters or isolation markers to distinguish between system instructions and data ingested from external files or user input.
- Capability inventory: The skill possesses the capability to write files to the local file system (e.g.,
planning/sprints/sprint-YYYY-MM-DD.md) and references a local template at~/.agents/templates/sprint.md. - Sanitization: There is no evidence of validation or sanitization of the content retrieved from external files before it is processed by the agent.
Audit Metadata