workstream-coordinator
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a local Python script
scripts/coordinate.pyas part of its primary status tracking workflow. This execution is performed within the local environment. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes data from external YAML files which could contain hidden instructions.
- Ingestion points: Read from files in
.pm/workstreams/and backlog data. - Boundary markers: No explicit delimiters or 'ignore' instructions are provided to the agent to isolate file content from instructions.
- Capability inventory: The skill has the ability to execute local scripts (
scripts/coordinate.py) and summarize project states. - Sanitization: There is no evidence of content validation or escaping of data retrieved from the local YAML storage.
Audit Metadata