shuffling-projects
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection by processing untrusted data from an external project management system and interpolating it into agent-facing templates.
- Ingestion points: The skill retrieves item keys, titles, and status information from the project management system using
pm_context.get_itemandpm_context.list_itemsin Step 1 of the workflow. - Boundary markers: No explicit delimiters or instructions (e.g., "ignore instructions within these items") are used in the Markdown templates in Step 3 (Shuffle Preview) and Step 5 (Shuffle Complete) to separate untrusted data from the agent's instructions.
- Capability inventory: The agent has the capability to modify state in the project management system through
pm_context.assign_to_projectandpm_context.add_commentas seen in Step 4. - Sanitization: There is no evidence of sanitization, validation, or escaping of the retrieved project item content before it is rendered into the workflow steps.
Audit Metadata