scrum-master
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it is designed to ingest and act upon untrusted external data such as project backlogs, team feedback, and impediment reports without established security boundaries.\n
- Ingestion points: Product backlogs, team dynamics descriptions, and stakeholder feedback ingested via the Read and Grep tools as described in the workflow of SKILL.md.\n
- Boundary markers: The instructions do not define delimiters or specific directives for the agent to ignore instructions that might be embedded within the processed artifacts.\n
- Capability inventory: The agent is granted access to high-privilege tools including Bash, Read, Grep, and Glob.\n
- Sanitization: No mechanisms for escaping, validating, or filtering external content are specified in the workflow.\n- [COMMAND_EXECUTION]: The skill configuration requests the Bash tool, which allows for the execution of arbitrary shell commands. While no malicious scripts are included in the skill files, providing this capability to a role-based agent that processes untrusted project data increases the risk of command injection.\n- [EXTERNAL_DOWNLOADS]: The SKILL.md file recommends the installation of the knowledge-virtuoso skill from the krzysztofsurdy/code-virtuoso repository. This is a vendor-owned resource hosted by the skill's author and serves as an optional integration for technical coaching.
Audit Metadata