product-skills
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is subject to indirect prompt injection risks because its primary workflow involves the AI agent processing untrusted external data using Python scripts. A malicious user could embed instructions within interview transcripts, feature descriptions, or configuration JSONs to influence the agent's behavior after it analyzes the script outputs.
  - Ingestion points: Untrusted data enters the context via `customer_interview_analyzer.py` (text transcripts), `rice_prioritizer.py` (CSV feature lists), `landing_page_scaffolder.py` (JSON configuration), and `project_bootstrapper.py` (JSON configuration).
  - Boundary markers: Absent. The scripts do not use specific delimiters or warnings to isolate user-supplied content from the tool's generated analysis.
  - Capability inventory: The agent can use the included scripts to write generated code and project structures directly to the file system.
  - Sanitization: The `landing_page_scaffolder.py` script uses HTML escaping for its HTML output mode, but most other interpolation points in code templates (e.g., TSX components) lack specific filtering for injection patterns.
- [COMMAND_EXECUTION]: Several automation scripts possess extensive file system access rights required for their legitimate scaffolding functions.
  - `project_bootstrapper.py` creates multiple directories and writes boilerplate files (including `package.json`, `Dockerfile`, and `.env.example`) to a user-provided output path using `os.makedirs` and `open().write()`.
  - `landing_page_scaffolder.py` writes entire React/Next.js components or HTML pages to a file path provided as an argument, allowing the agent to persist generated code to the user's workspace.
Audit Metadata