backlog-curator
Pass
Audited by Gen Agent Trust Hub on Feb 23, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a local Python script, scripts/analyze_backlog.py, to calculate task priorities. This is a standard and expected operation for the skill's purpose.
- [PROMPT_INJECTION]: The skill processes data from .pm/backlog/items.yaml, which represents an indirect prompt injection surface if the backlog contains untrusted input. However, this is inherent to any task management functionality.
- Ingestion points: .pm/backlog/items.yaml (reading item titles and descriptions).
- Boundary markers: Absent; the skill does not define specific delimiters for separating data from instructions.
- Capability inventory: Local file system access (read/write) and execution of the scripts/analyze_backlog.py subprocess.
- Sanitization: Absent; the skill relies on the structured format of the YAML file.