project-management
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFENO_CODEPROMPT_INJECTION
Full Analysis
- [NO_CODE]: The skill is entirely composed of 39 Markdown files containing instructions and templates. It does not include any Python scripts, JavaScript files, shell scripts, or other executable code.- [PROMPT_INJECTION]: The skill is designed to ingest and process untrusted external data through specific agents, which constitutes an indirect prompt injection surface. -- Ingestion points: agents/avant-projet/collecte-besoin.md extracts data from client emails, RFP documents, and meeting notes. -- Boundary markers: Absent. The prompts do not use delimiters or explicit instructions to treat the ingested data as non-executable text. -- Capability inventory: The skill is limited to text generation and populating templates (e.g., brief-client.md, reporting.md); it lacks capabilities for network access, file-system writing, or command execution. -- Sanitization: The agent instructions emphasize verbatim extraction ('Extraire, pas interpréter'), which acts as a rudimentary logical guardrail.
Audit Metadata