pi-messenger-crew
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its core functionality of processing external data to orchestrate agent tasks.
- Ingestion points: The skill reads project requirements from PRD files (e.g.,
PRD.md) and accepts steering instructions via thepromptparameter in planning and revision actions. - Boundary markers: There is no evidence of boundary markers or explicit safety instructions used to delimit untrusted content when it is interpolated into the context of planner or worker agents.
- Capability inventory: The system manages file reservations, writes task state and metadata to the
.pi/messenger/crew/directory, and spawns multiple parallel agent processes (workers, planners, reviewers). - Sanitization: The instructions do not describe any sanitization, validation, or filtering processes for the ingested requirements or steering prompts before they are used to guide the agent workflow.
Audit Metadata