pm-cli-usage
Pass
Audited by Gen Agent Trust Hub on Feb 23, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Recommends installing the
@jogi47/pm-clipackage via npm. This is a vendor-owned resource from the skill author and is necessary for the described functionality.\n- [COMMAND_EXECUTION]: Provides instructions for using thepmCLI to perform task management operations, including listing, creating, and updating tasks, and creating git branches based on task titles.\n- [PROMPT_INJECTION]: Identifies a potential surface for indirect prompt injection as the tool processes task data from external sources.\n - Ingestion points: Task titles, descriptions, and comments fetched from Asana and Notion (documented in
SKILL.md).\n - Boundary markers: No explicit delimiters or instructions to ignore embedded content are specified for the agent.\n
- Capability inventory: Includes CLI operations and git branch management via the
pmtool.\n - Sanitization: Task titles are slugified before being used in git branch names, reducing the risk of command injection.
Audit Metadata