workflow-pm-reporting
Pass
Audited by Gen Agent Trust Hub on Mar 21, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes user-provided input as context for the
/workflow-startcommand. This ingestion of untrusted data represents a surface for indirect prompt injection where instructions embedded in a user's prompt could theoretically influence the workflow's behavior.\n - Ingestion points: User prompt passed as context for the
pm-reportingworkflow in SKILL.md.\n - Boundary markers: No delimiters or 'ignore' instructions are present to isolate the user's prompt from the workflow's execution instructions.\n
- Capability inventory: The skill triggers a sequence of commands including
/status,/dependency, and/workflow-end.\n - Sanitization: No input validation, escaping, or filtering of the user-provided context is performed.\n- [SAFE]: The skill's operations are confined to internal reporting and dependency analysis. No evidence of credential exposure, external network calls, remote code downloads, or persistence mechanisms was found.
Audit Metadata