scrum-conductor
Pass
Audited by Gen Agent Trust Hub on Feb 24, 2026
Risk Level: SAFE, NO_CODE, PROMPT_INJECTION
Full Analysis
- [NO_CODE]: The skill consists entirely of Markdown documentation files. It does not contain any Python, Node.js, or shell scripts, which eliminates common attack vectors related to malicious code execution.
- [SAFE]: No malicious patterns such as direct prompt injection, credential theft, or unauthorized data access were detected. The skill is authored by 'oakoss' and focuses strictly on agile project management methodologies.
- [PROMPT_INJECTION]: The skill describes a workflow that ingests data from external trackers, which constitutes a surface for indirect prompt injection.
  1. Ingestion points: Git logs, PRs, and tickets from GitHub, Jira, and Linear.
  2. Boundary markers: None explicitly enforced in the text.
  3. Capability inventory: Fact synthesis, standup generation, and backlog grooming.
  4. Sanitization: The risk is mitigated by mandatory 'Supervisor Checkpoints' and 'Human Escalation Guardrails' requiring human approval for decisions and code changes.
Audit Metadata