portfolio-status
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection. It reads and analyzes the content of various markdown files (e.g., research.md, prd.md, design-brief.md) and JSON metadata to determine project health and graduation readiness.
- Ingestion points: Files located within pm-workspace-docs/initiatives/active/ and pm-workspace-docs/initiatives/done/.
- Boundary markers: None. The skill does not define delimiters or provide instructions to the agent to ignore potentially malicious content within these data files.
- Capability inventory: The agent has the ability to read and write files to the local filesystem and interact with external services like Slack, Notion, and Linear via MCP tools.
- Sanitization: No sanitization or validation of the input file content is performed before processing. If an attacker controls the content of a project artifact, they could influence the agent's output or tool usage.
Audit Metadata