Skills
skills/famaoai-creator/gemini-skills/pmo-governance-lead/Gen Agent Trust Hub

pmo-governance-lead

Pass

Audited by Gen Agent Trust Hub on Mar 5, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because it processes data from the local environment that could be influenced by an attacker.
  • Ingestion points: In src/lib.ts, the functions searchRecursive and simpleGlob read filenames and directory structures from the filesystem using fs.readdirSync.
  • Boundary markers: The filenames are included in the audit output without protective delimiters or instructions to ignore potential commands within the strings.
  • Capability inventory: The skill possesses filesystem read capabilities (metadata) and file-writing capabilities via safeWriteFile in src/index.ts.
  • Sanitization: No sanitization is performed on the filenames or paths discovered during the audit before they are interpolated into the resulting governance report.
  • [COMMAND_EXECUTION]: The skill performs directory traversal and file metadata retrieval (existence, size, and modification times). It uses fs.readdirSync, fs.statSync, and fs.existsSync to audit the project structure based on the path provided in the --dir argument, which allows for reconnaissance of the local filesystem layout.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 5, 2026, 03:37 PM