track-management
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill presents an inherent risk of indirect prompt injection due to its workflow for processing external requirements and state memory. 1. Ingestion points: Requirement gathering through user Q&A and reading from local memory files (e.g., .claude/context/memory/learnings.md) as specified in the Memory Protocol. 2. Boundary markers: The skill does not define or implement explicit delimiters or instructions to treat data in memory files or user-provided requirements as untrusted content. 3. Capability inventory: The skill utilizes powerful tools including Bash, Write, and Edit across its files (SKILL.md), which provide an execution path if malicious instructions are ingested. 4. Sanitization: There is no evidence of validation or sanitization of input data before it is processed by the agent to guide subsequent actions.
Audit Metadata