sprint-executor
Pass
Audited by Gen Agent Trust Hub on Apr 24, 2026
Risk Level: SAFEDATA_EXFILTRATIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The skill contains absolute file paths to a local user directory in the 'References' section (e.g.,
/Users/khanm/...). This reveals the author's local system structure and username, which is a form of metadata exposure. - [COMMAND_EXECUTION]: The skill executes shell-based commands for syntax checking and building code, including
python -c,npx tsc,cargo check, anddotnet build. While intended for quality assurance, these commands operate on files potentially modified or created by other skills or external inputs. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because it processes untrusted data from multiple sources to guide its execution loop.
- Ingestion points: Reads data from JIRA ticket descriptions, Confluence specifications, and output from other engineer skills.
- Boundary markers: No explicit boundary markers or instructions to ignore embedded commands within the processed data are defined.
- Capability inventory: The skill has the ability to execute shell commands (compilers/linters), perform git operations (commit/diff), and interact with JIRA (transitions/logging).
- Sanitization: There is no evidence of sanitization or validation of the content retrieved from external JIRA/Confluence sources before it is used to formulate prompts for delegation or review.
Audit Metadata