faion-pm-agile
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE NO_CODE
Full Analysis
- [General Security] (SAFE): The skill is composed entirely of markdown documentation and templates. It does not contain executable scripts, obfuscated content, or hardcoded credentials. Code snippets found in the documentation (e.g., in tool-migration-process/README.md) are illustrative examples for users and are not executed by the agent.
- [Indirect Prompt Injection] (SAFE): The methodologies described involve ingesting data from external project management tools (Jira, GitLab, Linear). This is a known risk surface for indirect prompt injection, but since the skill does not provide automation for these tasks and the agent's toolset is restricted, the risk is negligible.
- Ingestion points: Potential ingestion of issue data from external PM tool APIs as described in the documentation.
- Boundary markers: Not present in the suggested templates.
- Capability inventory: The agent has access to Read, Write, Edit, and highly restricted Bash (limited to ls).
- Sanitization: Not addressed in the provided documentation templates.
Audit Metadata