plan
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFENO_CODE
Full Analysis
- NO_CODE (SAFE): The skill is comprised entirely of Markdown instructions and templates (SKILL.md and references/prd-template.md). No executable scripts, binaries, or configuration files for package managers were found.
- SAFE (SAFE): No malicious behaviors such as credential exfiltration, remote code execution, or privilege escalation were identified. The skill's operations are confined to reading and writing local project management files within the
tasks/directory. - Indirect Prompt Injection (SAFE): While the skill ingests data from local files like
tasks/todo.mdandtasks/memory.md, the lack of high-privilege capabilities or network access significantly mitigates risks associated with indirect prompt injection. The skill follows best practices by using structured templates and explicit status blocks.
Audit Metadata