pm-agent
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface where instructions embedded in user requests or the analyzed codebase could influence the agent's behavior.\n
- Ingestion points: The skill processes natural language user requests for feature planning (SKILL.md) and reads codebase symbols using the Serena tool (resources/error-playbook.md).\n
- Boundary markers: There are no explicit markers or instructions to treat data from these sources as untrusted or to ignore embedded instructions.\n
- Capability inventory: The agent has the capability to write files to the local directory (e.g., .agents/plan.json) and execute codebase search tools.\n
- Sanitization: No input validation or sanitization mechanisms are described for the data being ingested.
Audit Metadata