scrum-sage

Pass

Audited by Gen Agent Trust Hub on Mar 6, 2026

Risk Level: SAFE, NO_CODE, PROMPT_INJECTION
Full Analysis
  • [SAFE]: No malicious instructions, obfuscation, or sensitive data exposure were detected within the skill's markdown content.
  • [NO_CODE]: The skill is entirely composed of instructions and does not include any executable Python, Node.js, or shell scripts.
  • [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface (Category 8).
    1. Ingestion points: The skill analyzes sprint health and backlogs by reading local files using Read, Grep, and Glob tools.
    2. Boundary markers: The instructions do not define delimiters or warnings to isolate processed data from the agent's core instructions.
    3. Capability inventory: The agent has access to Write and WebSearch tools, which could be misused if malicious instructions are ingested.
    4. Sanitization: There is no evidence of input validation or sanitization for the files being analyzed.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 6, 2026, 03:13 AM