backlog-manager
Pass
Audited by Gen Agent Trust Hub on Feb 25, 2026
Risk Level: SAFENO_CODEPROMPT_INJECTION
Full Analysis
- [SAFE]: No malicious patterns or security risks were identified. The skill is designed for legitimate documentation and backlog management within a project's directory.
- [NO_CODE]: The skill consists exclusively of markdown instructions and does not include any scripts, binaries, or automated code execution.
- [PROMPT_INJECTION]: The skill processes content from a local file, creating a surface for indirect prompt injection.
- Ingestion points: Reads the existing backlog file at
docs/需求池.mdduring merging, cleaning, and filtering workflows. - Boundary markers: The instructions do not define specific delimiters to separate data within the file from instructions.
- Capability inventory: Filesystem read and write access limited to the specific markdown file.
- Sanitization: Content is structured using rigid templates, and all modifications require explicit user confirmation, which mitigates the risk of unauthorized actions.
Audit Metadata