pm-planner
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH (PROMPT_INJECTION, NO_CODE)
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill is susceptible to indirect prompt injection where malicious instructions embedded in user-provided requirements could influence the agent's actions or downstream processes.
  - Ingestion points: Untrusted external input in the form of business and technical requirements provided by the user via natural language.
  - Boundary markers: None detected. The instructions do not specify any delimiters (such as XML tags or triple quotes) to separate untrusted data from the agent's system instructions.
  - Capability inventory: The skill is granted powerful file-modification tools including Write, Edit, and TodoWrite, which allow it to persist data to the filesystem.
  - Sanitization: No evidence of sanitization, validation, or escaping logic for the content processed and written to documentation files.
- [No Code Detected] (INFO): The skill consists entirely of instructional markdown and metadata. No executable scripts (Python, JavaScript, etc.) were found in the provided file.
Recommendations
- AI detected serious security threats