project-manager

Fail

Audited by Gen Agent Trust Hub on Feb 25, 2026

Risk Level: CRITICAL
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill's mandatory 'Project Memory' system exposes it to indirect prompt injection.
  • Ingestion points: The skill is instructed to 'ALWAYS read' files from the steering/ and docs/requirements/ directories before starting any task.
  • Boundary markers: The instructions lack delimiters or specific guardrails to prevent the agent from executing instructions found within these external files.
  • Capability inventory: The skill is granted Write, Edit, and TodoWrite permissions, which could be exploited to modify project files if malicious instructions are present in the ingested data.
  • Sanitization: There is no evidence of sanitization or content validation for the documentation being read.
  • Evidence: Automated scanner alerts have flagged product.md (one of the mandatory steering files) as containing a blacklisted malicious URL.
Recommendations
  • Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata
Risk Level: CRITICAL
Analyzed: Feb 25, 2026, 09:51 PM