projectmanagement
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection within its research workflow. It explicitly instructs the agent to fetch and extract content from the web using search tools or text-based browsers.
- Ingestion points: The
Researchstage inminiproject/SKILL.mdusesbrave_searchand thelynxCLI to gather information from external websites. - Boundary markers: There are no explicit delimiters or instructions to ignore embedded commands when processing the content fetched from the web.
- Capability inventory: Across its components, the skill has the ability to write to the filesystem, execute shell scripts in the
scripts/directory, and perform git operations. - Sanitization: The instructions do not mention any sanitization, validation, or filtering of the content retrieved from external sources before it is incorporated into the agent's context.
- [COMMAND_EXECUTION]: The skill includes several functional scripts to manage project identifiers, migrate data structures, and validate file schemas.
- Evidence:
miniproject/scripts/get-memory-dir.sh,miniproject/scripts/migrate-phases-to-inline.sh,miniproject/scripts/schema.ts, andstorage-zk/scripts/wiki. - Hardcoded Path: The
miniproject/SKILL.mdfile contains a hardcoded absolute path (/home/zenobius/.pi/agent/skills/projectmanagement/miniproject/scripts/get-memory-dir.sh) that points to the author's local environment, which may cause execution failures for other users. - [EXTERNAL_DOWNLOADS]: The skill integrates with external tools by recommending their use via package runners.
- Evidence:
inmemoria/SKILL.mdsuggests runningnpx in-memoriato initialize and maintain codebase intelligence databases.
Audit Metadata