using-claude-code-as-pm
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill creates an attack surface for indirect prompt injection by instructing the agent to process and synthesize data from external, potentially untrusted sources.
- Ingestion points: Data is ingested from sources like customer feedback, support tickets, and competitor research files as described in
references/RESEARCH-SYNTHESIS.md. - Capability inventory: The agent using this skill has significant capabilities including file system access and shell command execution via the Claude Code environment.
- Boundary markers: The provided prompt templates in
references/PROMPT-TEMPLATES.mddo not include explicit instructions to ignore embedded commands within the processed data. - Sanitization: The instructions focus on manual PII removal but do not provide mechanisms to sanitize input against prompt injection attempts.
- [EXTERNAL_DOWNLOADS]: The skill references configuration for external integrations via MCP. It specifically mentions using the official Jira MCP server from Anthropic's GitHub organization, which is a trusted provider.
Audit Metadata