project-stakeholder-communication

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • Indirect Prompt Injection (LOW): The skill processes project-related documents which could be manipulated by an attacker to include hidden instructions designed to influence the drafted communication or the project state.
  • Ingestion points: project_state.md, status-reports.md, and change-log.md (as defined in SKILL.md).
  • Boundary markers: Absent; the skill does not utilize delimiters or specific instructions to disregard embedded commands in the source data.
  • Capability inventory: The skill is limited to drafting text messages and updating a specific local file (project_state.md). It lacks network access or shell execution capabilities, which severely limits the impact of an injection.
  • Sanitization: Absent; there is no evidence of input validation or escaping for the project data provided to the agent.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 17, 2026, 09:18 PM