sred-project-organizer
Pass
Audited by Gen Agent Trust Hub on Mar 20, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through its data ingestion process. Ingestion points: The skill reads external content from Notion documents, GitHub Pull Requests, and Linear tickets in SKILL.md (Steps 1, 2, 4, 5). Boundary markers: There are no explicit instructions or delimiters used to separate the external data from the agent's internal instructions. Capability inventory: The agent has read access to GitHub, Notion, and Linear, and write access to Notion. Sanitization: No evidence of sanitization or validation of the ingested external content before it is processed or used to generate new documents.
- [COMMAND_EXECUTION]: The skill optionally uses the gh CLI tool to fetch GitHub data, which involves executing system-level commands to retrieve PR data.
Audit Metadata