Skills
skills/affaan-m/everything-claude-code/product-capability/Gen Agent Trust Hub

product-capability

Pass

Audited by Gen Agent Trust Hub on Apr 6, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it ingests and processes untrusted external data.\n
  • Ingestion points: The skill reads product intent from issues, discussions, roadmap notes, and founder messages (SKILL.md).\n
  • Boundary markers: There are no instructions to use delimiters or ignore embedded commands within the input data, increasing the risk that the agent will follow instructions contained within the PRD intent.\n
  • Capability inventory: The skill has the capability to write or update documentation files like PRODUCT.md and files within docs/product/ (SKILL.md).\n
  • Sanitization: No input validation, escaping, or sanitization logic is present to handle potentially malicious content in the requirements documents.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 6, 2026, 01:36 AM