project-manager

Pass

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: SAFE
PROMPT_INJECTION, NO_CODE
Full Analysis
  • [PROMPT_INJECTION]: The skill creates an attack surface for indirect prompt injection by accepting and storing untrusted user strings (names and descriptions) into YAML manifest files. These files are subsequently intended for use by other pipeline tools such as comfyui-character-gen.
      * Ingestion points: Project and character description prompts defined in the commands section of SKILL.md.
      * Boundary markers: Data is stored in structured YAML fields, providing structural separation but no logic to ignore embedded instructions.
      * Capability inventory: The skill manages local file and directory creation; it does not possess network access or arbitrary code execution capabilities.
      * Sanitization: There is no evidence of sanitization or escaping for user-provided data before it is written to the file system.
  • [NO_CODE]: The skill does not contain any executable scripts, binary files, or complex logic, relying entirely on the agent's interpretation of markdown instructions and templates.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 1, 2026, 06:16 PM