pm-manager

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
PROMPT_INJECTION
Full Analysis
  • Indirect Prompt Injection (HIGH): The skill presents a significant vulnerability surface where untrusted data can influence agent actions.
      • Ingestion points: Processes project-related data, schedules, and meeting notes using the 'Read' tool.
      • Boundary markers: Absent; there are no instructions or delimiters to isolate data from commands.
      • Capability inventory: The 'Write', 'Edit', and 'TodoWrite' tools allow the agent to modify the file system and project state based on potentially poisoned input.
      • Sanitization: Absent; no logic is provided to filter or validate external content.
  • No Code (SAFE): The skill contains no executable scripts, binaries, or package dependencies, eliminating the risk of direct remote code execution or traditional malware behavior.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 12:38 PM