product-manager-toolkit
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION] (MEDIUM): The skill requires the agent to run local Python scripts (rice_prioritizer.py and customer_interview_analyzer.py). While these are intended for data analysis, executing local code on external inputs is a known attack surface.
- [PROMPT_INJECTION] (MEDIUM): The skill is susceptible to Indirect Prompt Injection (Category 8).
  1. Ingestion points: scripts/customer_interview_analyzer.py processes interview_transcript.txt and scripts/rice_prioritizer.py processes features.csv.
  2. Boundary markers: The skill does not define delimiters or ignore-instructions for the external data.
  3. Capability inventory: The scripts perform data extraction and synthesis; results are used to inform roadmap and PRD decisions.
  4. Sanitization: There is no evidence of input sanitization or validation for the ingested files.