utility-pm-skill-validate
Pass
Audited by Gen Agent Trust Hub on Apr 27, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill operates as a structural and quality validator for project files. It reads local markdown files (SKILL.md, TEMPLATE.md, EXAMPLE.md) and repository metadata (AGENTS.md, commands/) to generate an audit report. It does not attempt to execute code, perform network operations, or access sensitive system data.
- [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted content by reading other skills' files to perform its audit. While this creates an ingestion surface for indirect prompt injection, the skill's functionality is limited to generating a textual report and does not involve executing the retrieved content or performing high-risk actions based on it.
- Ingestion points: Reads markdown files from
skills/{name}/,commands/, andAGENTS.md. - Boundary markers: None explicitly defined to isolate input content from the analyzer's internal instructions.
- Capability inventory: Reading local files within the repository scope and producing a structured text report.
- Sanitization: No explicit sanitization or filtering of input content is performed before the LLM analyzes it for compliance.
Audit Metadata