project-monitoring-and-control
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW | PROMPT_INJECTION | NO_CODE
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill processes untrusted data that could be used to influence the model's health assessment logic. Evidence:
  - (1) Ingestion point: the latest_updates input field.
  - (2) Boundary markers: absent in the system prompt.
  - (3) Capability inventory: restricted to updating project health and milestone status metadata; no network, file system, or command execution capabilities.
  - (4) Sanitization: no input validation or filtering is performed.
- [No Code] (INFO): The skill is entirely instruction-based and does not include any executable scripts, binaries, or third-party package dependencies.