sprint-plan
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns, prompt injections, or security bypass instructions were detected in the skill instructions.
- [DATA_EXPOSURE]: The skill does not access sensitive local files, environment variables, or hardcoded credentials. It operates only on user-provided data related to project management.
- [EXTERNAL_DOWNLOADS]: The skill references a single informational URL (productcompass.pm) for educational reading. There are no downloads of executable scripts or configuration files from untrusted sources.
- [REMOTE_CODE_EXECUTION]: The skill contains no code (Python, Node.js, or Shell) and does not call any external tools or subprocesses that could lead to code execution.
- [INDIRECT_PROMPT_INJECTION]: While the skill processes external data (backlogs, reports), its capabilities are restricted to text summarization and generating markdown. It lacks the network or system access necessary to escalate an indirect injection attack.
Audit Metadata