agile-sprint-planning
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: CRITICAL
Full Analysis
- [SAFE] (SAFE): No malicious patterns or security risks detected. The skill is purely informational and contains static code templates for sprint management calculations.
- [URL Analysis] (SAFE): An automated scanner flagged 'this.ca' as a malicious URL. Technical review identifies this as a false positive caused by a naive match on the JavaScript property 'this.capacity' or 'this.currentSprint'. There are no actual network requests or external URLs in the skill.
- [Indirect Prompt Injection] (SAFE): The skill processes untrusted data such as user stories and team metrics, but it lacks the necessary capabilities (network, file system, or shell execution) to be exploited. 1. Ingestion points:
createSprintBacklogandconduct_planning_pokerin SKILL.md. 2. Boundary markers: Absent. 3. Capability inventory: None. 4. Sanitization: Absent.
Recommendations
- Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata