sred-project-organizer
Pass
Audited by Gen Agent Trust Hub on Apr 28, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes untrusted data from multiple external sources to generate technical summaries.
  - Ingestion points: The skill reads data from user-provided Notion documents, GitHub Pull Requests, and Linear tickets (as described in Steps 2, 5, and 6).
  - Boundary markers: The instructions do not specify the use of delimiters (e.g., XML tags or triple quotes) or specific "ignore embedded instructions" headers when interpolating retrieved text into the prompt context for evaluation.
  - Capability inventory: The agent has write access to the user's Notion workspace to create and populate documents, which could be misused if a malicious instruction inside a PR or ticket is obeyed.
  - Sanitization: There is no evidence of sanitization or filtering applied to the external content before it is processed by the model to determine project uncertainties or goals.